Crisis Management 2025

USA – NEW YORK

Trends and Developments

Contributed by: Evan Roberts and Meredith Griffanti, FTI Consulting, Inc.

FTI Consulting, Inc. 1166 Avenue of the Americas, 15th Floor

New York NY 10036 USA

Tel: +1 212 850 5777 Fax: +1 646 642 9277 Email: evan.roberts@fticonsulting.com Web: www.fticonsulting.com

Cybersecurity Crisis Response Tabletop Exercises – What Works, What Does Not, and Where it Can Really Go Wrong

When a cybersecurity incident hits, it is no surprise that organisations tend to fare better if they have prepared and practised their cybersecurity crisis response plans in advance. Tabletop exercises play an invaluable role in an organisation’s overall cybersecurity preparedness programme. In addition to the benefit of helping bring hypothetical crises to life, regulators expect, and – depending on the jurisdiction – may even require organisations to conduct cyber training and tabletops. Cybersecurity insurers have joined the bandwagon, encouraging, if not requiring, such exercises for their insureds as a prerequisite to coverage.

While having plans on paper is important, it is equally important to practise working cross-functionally, escalating key issues, making decisions and managing a large volume of inquiries and competing priorities during a cyber crisis. Tabletops and simulations give teams a front row view into how incident response plans function or fall. Until plans are pressure tested in the most realistic ways possible, they remain somewhat academic exercises. There is a feeling that comes with seeing a company’s name and a countdown clock on a mock threat actor shame site that simply brings a plan to life.

And while preparedness plans are typically developed in a small working group without the executive teams, tabletop exercises can bring the executives to the table and provide valuable insights into the way they will respond to an active cyber crisis. Is the CEO a dealmaker, inclined to dive into negotiations with a ransomware group to extract the best possible value for a decryptor tool and/or suppression of exfiltrated data? Are they fuelled by patriotism, ready to stand their ground and refuse to pay cyber criminals because they “do not negotiate with terrorists”? Or are they a pragmatist, inclined to take the temperature of their executive team and the counsel of veteran advisors? The answer to these questions and many more can (and should) be learned in a tabletop before the real crisis hits.

Designing an Exercise – Key Steps to Success

Not all tabletops are created equal, and while most provide at least some value, there are the occasional horror stories of how exercises did

179 CHAMBERS.COM
