USA – NEW YORK Trends and Developments Contributed by: Evan Roberts and Meredith Griffanti, FTI Consulting, Inc.
more harm than good. To begin, let us consider some of the key attributes of an effective cybersecurity tabletop exercise, and critical steps companies can take to make sure they maximise the leadership's valuable time and attention.

Meet teams where they are in their maturity journey and create organisation-specific scenarios

Organisations differ in their corporate structure, cybersecurity risk profile, data governance, and crisis experience. An organisation that has an established Incident Response Team (IRT), completes annual tabletop exercises, and has managed its own cyber crises would benefit from scenarios that are more advanced and nuanced – assessing the organisation's effectiveness in its ability to respond. On the contrary, a company lacking established incident response protocols warrants an exercise that will teach and train, rather than test. Exercises should be tailored to an organisation's needs and designed to maximise engagement and capture nuances, with consideration given to factors like duration (hours versus days) and format (in-person or virtual) for the most valuable exercise.

Bring the right team together

Given the impact that disruptive cyber incidents, such as ransomware, often have on the overall organisation, and the cross-functional team needed for an effective response, it is important that all individuals who will play a key role in the response have the chance to practise. Cybersecurity incidents are multi-stakeholder in nature; companies should have representation from all key areas of the business, such as operations, legal, IT, information security, communications and HR, to ensure the exercise is realistic and resonates with a wide swath of audiences. While specific team members vary, participants should generally include the IRT, C-suite, appropriate functional representatives or subject-matter experts (depending on the scenario) and potentially even a board member for key moments in time. Teams should consider likely communications pain points, legal challenges, anticipated reactions from key company stakeholders, ownership over workstreams, a process that clearly dictates how communications are approved and distributed, and a triage protocol for managing a large volume of inquiries.

Designate an executive sponsor, a tabletop owner and a good moderator

Tabletops are fantastic training exercises and teaching moments, but ultimately ineffective without an executive sponsor who sets the tone from the top about the importance of the exercise to the organisation as a whole. Likewise, without one or two individuals at the organisation taking ownership over the exercise and driving it forward, key takeaways, areas for improvement and other learnings may go by the wayside. Additionally, when exercise time comes, a good moderator, particularly one from an outside firm who can bring both expertise and objectivity into the room, helps ensure that the team does not get bogged down by hypothetical details. Instead, conversation should keep flowing with a focus on how teams would work together to respond to various escalations, while the moderator facilitates and captures key questions and considerations.

Tap into external expertise

While internally led tabletops can be effective, as mentioned above, organisations often tap law firms, forensic teams, and/or crisis communications experts to help design and moderate these exercises. Which specific experts to engage depends on the goals of the exercise, but regardless, outside experts bring experience from managing real incidents at scale and can
180 CHAMBERS.COM