Webinar Review

Managing a cyber security crisis: Should you fight or flight?

Cyber security awareness and planning is a key part of the modern business, and leaders need to accept that crisis management is now part of the job. I recently had the pleasure of hosting an ASIA Sydney webinar on crisis management and spoke with Angela Coble, Cheryl Hayman and John Taylor who shared their impressive experience. Here are some highlights.

Be an Adaptive Leader

In a normal day, good leaders will adopt a flexible leadership style often moving from servant leadership, coaching style, innovative thinking or autocratic, all dependent on the issues being addressed and the outcome required. The mode shifts during a crisis, and your teams and colleagues need to see you leading from the front. Teams need a sense of security and safety during a crisis. You need to move into a highly visible role, where you remain calm, pragmatic and adopt a non-emotional leadership style. It’s command-and-control style but with a twist. The trio warned that although leaders need to take control and keep everyone moving in the same direction, it is incredibly important to remember that as an Executive Leader, you should play to your strengths and not attempt to be a technical authority but create space and listen to your experts. When you need others to speak up, encourage them to share ideas and in those moments don’t try to be the biggest or smartest person in the room. Seniority doesn’t not equate to expertise so be sure to listen to your experts (regardless of level), make a decision and then step forward again to lead your team.

There was also a lot of encouragement for junior staff members to be brave in those moments and have the power of their convictions. Everyone has the opportunity to change the outcome of the crisis so speak up if you know the answer. Good leaders will listen and want to hear your voice.

Have a Diverse Response

A security incident is a whole of enterprise problem and pre-planning needs to occur so that you have people involved in the decision making process that know your business from different angles. Responding to and prioritizing the incident and recovery cannot be looked at from a technical point of view only. Create a skills matrix and be sure to bring together people that are looking at your business from the outside in, so you don’t inadvertently lose focus on your customers or suppliers.

A proactive board will want to know immediately about a significant issue. Appoint an individual to evaluate and co-ordinate updates from different business functions such as communications, technology, supply chain, order fulfillment. Boards know they need their specialists and they won’t look to the CISO to solve all issues.

Plan, Plan, Plan.

Traditional Business Continuity Planning is based on narrow and specific circumstances and organizations need to review their crisis management responses by testing a scenario of the entire infrastructure offline with no access to digital records or operations for extended periods. The good news is that organisations are starting to move towards Business Resilience, extending the breadth and depth of risk identification, governance, and preparedness.

Planning ahead of time about who needs to be involved and what their responsibility will be makes a significant difference to how calm a leader will behave, and good composure will increase their credibility during the crisis. Executive Leaders need to know ahead of time who is on their crisis call lists, and they also need to predetermine the trigger for when they start calling. Alerting people too early or too late will reflect poorly on the maturity of the leader. Cyber Security is no longer a bolt on or an afterthought - leaders need to prepare now to ensure it is part of everyday business culture.

A Crisis Mantra

Learn – every incident and even false alarm gives you an opportunity to learn. Be transparent, move away from a blame culture and use what you know to prepare.

Listen – be a visible leader but don’t always be the biggest person in the room. You won’t know everything and let expert voices speak up.

Stay calm – this creates comfort for people. Being calm confirms your credibility and preparedness.

Be brave – Speak up when you don’t know so that you keep curiosity and ask questions in a way that creates a safe place - it encourages others to be brave and honest.

For even more insights be sure to watch the webinar in full. A big thank you to the webinar guests Angela Coble, Cheryl Hayman and John Taylor. I also want to call out the work performed by Amit Chaubey Deputy Chair of ASIA Sydney who was instrumental in pulling together this impressive caliber of guests for our ASIA members.

About the Author & Host: Nicki Doble is an Executive Member of ASIA Sydney Branch and an Interim CIO | CISO.

Nicki Doble.

  Register Now