Why managing the human factors is crucial to a successful cyber security crisis response

by | Jun 10, 2021 | Corporate Partner News

When responding to a cyber security crisis, well-embedded plans and processes are crucial to supporting the business and technical response. But a successful response also strongly relies on a number of human factors. An often small leadership group has to make difficult decisions and provide direction to those relying on them, under pressure and up against a ticking clock.

In contrast to other types of crises, cyber crises are particularly complex due to three characteristics:

  • They are often widespread, and their impact traverses geographical boundaries.
  • They present a high degree of uncertainty, forcing executive leaders to make difficult decisions without a full understanding of the situation.
  • The lifecycle of a cyber crisis continually evolves. This means that the decisions responders make can directly affect how the rest of the situation develops.

The situational pressure that comes with tackling a cyber crisis can trigger a physiological, emotional and cognitive impact on everyone involved. The high degree of stress that crises can generate has a direct effect on the human brain’s ability to think clearly – and therefore on how we react. Minimising the impact of these responses is crucial to a successful crisis response.

There’s no simple formula to avoiding the stress brought on by a cyber crisis. But just as crisis management plans allow organisations to rely on pre-agreed response processes, there are actions you can take to minimise the impact of physiological, emotional and cognitive responses.

  1. Develop self awareness of your own response tendencies and leadership style under stress:Crisis managers can benefit from reflecting on their own reactions when operating under pressure. Gaining experience, either individually or as part of facilitated training and coaching sessions, so you can identify and anticipate your own potential vulnerabilities will provide useful preparation and reduce unexpected reactions.
  2. Acknowledge the critical role of wellbeing:crisis management is often misperceived as a discipline characterised by a default state of constant chaos. However, performing effectively during a crisis greatly depends on the resilience that crisis responders build outside of the crisis room. While the definition of wellbeing is different for each person, cultivating proactive resilience (healthy body and healthy mind) is a key common denominator amongst the most effective crisis responders.
  3. Plan for the availability of resources in advance:the combination of multiple workstreams and a finite number of resources is the most common cause of burnout amongst responders within the first few days of a cyber crisis. You can reduce this risk by developing and maintaining a robust crisis management plan that includes contingency resourcing considerations. This may take the form of a rota or third party support that can be called on at short notice. By addressing the potential constraint of resources as part of your cyber crisis planning, you can maximise the effectiveness of your response.

Responding to a cyber crisis inevitably involves a degree of stress. However, acknowledging the human reactions that responders may experience should be part of any organisation’s crisis planning. No matter how sophisticated a cyber attack may be, an effective response will ultimately depend on your people, and their ability to think clearly and strategically.

Join us at our next Cyber podcast: Keeping your operational technology secure

In this episode we’re joined by Sean Sutton and Cara Haffey to discuss how organisations can secure their operational technology (OT). We discuss:

  • How OT security differs from IT security.
  • Threats we’ve seen targeting operational technology, with a focus on the manufacturing sector.
  • Steps you can take to tackle threats and build resilient operations.

Host: Abigail Wilson, Cyber Threat Operations Manager, PwC UK
Guest: Sean Sutton, Cyber Security Partner, PwC UK
Guest: Cara Haffey, UK Industrial Manufacturing Leader, PwC UK
Duration: 15m 37s

Listen now

Itunes – https://podcasts.apple.com/gb/podcast/keeping-your-operational-technology-secure-s3e5/id1233628925?i=1000522537582

Spotify – https://open.spotify.com/episode/5YYC7fnicrMyTQDEqEHfvN?si=799qFDG3Rmi63SuKlrXaVw&nd=1

Register to receive a copy of our report Private business: The way ahead 

Saffeena Geldart

PwC | Director

Mobile: +44 (0) 7808 035 667

Email: saffeena.geldart@pwc.com

http://www.pwc.com/uk

https://thesuite.pwc.com/ https://www.linkedin.com/in/saffeena-geldart-32815a37/

For further insights on COVID-19, please see our website.

Visit our Private Client webpage to find out more about how we help our clients

Alternative Contact: Zoe Gray| Secretary | Phone: 07718 976 896| zoe.v.gray@pwc.com