03 Mar 2020

Cyber breach risks 02: Crisis Management

Dan Heywood says strong crisis management should be your first step in responding to a cyber breach - but what should that include?


Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.


Crisis management is something that is affecting all of us today.  When a board can come out, or executives come out of a situation in a positive manner, they are adding value for their shareholders.  Organisations, both small and large, can be affected by different types of crises.  These crises include things such as fire in a warehouse, a natural disaster, the death of an executive or even a data breach.  So, today we are going to talk about putting in the right plan for the future so you can contain a breach, whether it is a cyber breach or there is data taken as well in the case of a data breach, and really come out of that situation in a positive mindset.

There are four areas that you will need to include in your business continuity plan.  The first one is assign: we need to assign roles to the relevant people.  The second one is contain: we need to contain any issues such as leaks of information.  Third is preserve: we need to preserve all the data in case it needs to be used at a later date as evidence in ongoing litigation.  And then lastly, assess.  We need to assess how big the issue is, and how to go forward with it.

Going down into those in a little bit more detail, assign, let's get key people in the room.  You need a project management office that are going to take ownership of the project from start to end.  You need a legal advisor who can understand all the key legal risks and advise you on issues going forward.  You need an insurance expert that can give you the understanding of any claims that may be going forward and any recourse that you might have.  And you need technical experts, now these can include internal IT experts that understand the systems that may have been breached, or it can be external forensic providers.

The second phase is to make sure we contain either the virus or the breach.  We need to look at three different areas.  We need to disable the access to the different systems.  We need to install patches to make sure there is no malware sitting on our system that we don't want there.  The third thing that we need to do is we need to reset passwords to make sure that our staff can get back on to our systems as soon as possible to continue their work. 

Our third phase is preservation.  Now, we need to make sure that we preserve all the relevant information that may need to be used at a later date. Preservation can start at things like emails, mobile devices, laptops or server information. We need to capture that information and quarantine it to make sure that we can use it at a later date.

The final phase is assessment, we need to understand who, what, why and when. We need to understand who might have done it internally or externally, assess how big the issue is and then try and ensure that it doesn’t happen in the future going forward.