Advisory Services
At CAP, we understand that in today's digital landscape, cybersecurity isn't just about defence; it's about readiness. Organisations need more than just a shield; they need a comprehensive strategy for response and recovery. Continued examples of poorly handled incidents in Australia and globally highlight the importance of that readiness.
Our mission is clear: to assist organisations in preparing for the impacts of major ransomware attacks. We believe that people will forgive you for being attacked, but they will be less forgiving if you are unprepared and unable to support your customers. Regulators & courts globally are increasingly reinforcing this message with fines, penalties and class actions.
What is Cyber Organisational Response & Recovery (CORR)?
CORR is the term CAP uses to describe an entire organisational response to a major cyber incident, not only Cyber Incident/Attack Response. CORR planning & exercises actively involve business functions that have accountability during a major cyber incident, and encourage updating & augmentation of existing crisis and technical disruption management plans (e.g. Business Continuity & IT Disaster Recovery plans) to include the extreme impacts of ransomware.
This approach assists organisations to respond and recover quickly to a major incident while maintaining focus on the welfare of their customers and other stakeholders.
Business functions that have critical roles during a ransomware incident include:
- Cyber
- IT
- Crisis Management
- Executive & Board
- Legal
- Communications
- Customer Service
- Business Resilience
- Disaster Recovery
- Insurance
These functions may or may not be supported by one or more external service providers; however, accountability to stakeholders remains with the business function.
Current regulations, including DORA in the EU and SOCI & CPS 230 in Australia, are clear that regulated organisations must be prepared to manage business operations during an incident and must have tested the time it will take to recover critical systems from all technical disruptions. That includes the most arduous disruption to recover from, ransomware, because compromised IT systems must be securely wiped and rebuilt.
Advisory Services
CAP provides advisory services to leaders & planning teams, assisting them in unravelling the reputational and financial ramifications of significant cyber attacks. We address planning challenges such as impact assessment, leadership accountability, decision-making, third-party support, insurance and rapid IT service recovery. Additionally, we aid in establishing an effective exercise and testing regime, including scenario walkthroughs, exercises, and simulations.
Insights, Models & Examples
At CAP, we believe true organisational resilience begins from within. Our aim is to empower organisations to develop customised processes and artefacts in line with their risk appetite and capabilities. These frameworks must continually evolve, adapting to organisational capabilities and emerging threats. CAP aims to provide valuable insights, models, and examples, along with customisable templates, to foster understanding within leadership teams and enhance CORR strategies.
Considerations for boards
Before a major cyber incident happens, boards should know:
- The organisation is, and will at all times appear, prepared
- Support for customers can be provided throughout
- Critical IT services can be recovered within acceptable timeframes
Failure in any of these areas can cause potentially unsurvivable financial and reputational damage to the organisation.
In CAP’s experience, many board reports regarding cyber incident readiness do not fully detail the impact and areas where there are gaps. Often answers to questions on readiness are “we have a cyber incident response plan and should test it more,” and the meeting moves on.
Cyber incident response plans rarely include important considerations for long term impact reduction such as providing support to distressed customers during an incident whilst enterprise IT systems are unavailable. This can be weeks or months depending on the effectiveness of cyber incident response and IT service recovery.
During the attack response and recovery, the board may have accountabilities. Examples include the decision to cease trading stock or to pay a ransom; these decision processes should be agreed, documented and tested.
In February 2024, the Australian Institute of Company Directors, Ashurst and the Cyber Security Cooperative Research Centre partnered up to release a paper that provides valuable detail in this area, “Governing through a cyber crisis”, an excellent resource for boards and incident management teams.
In June 2023 the Office of the Australian Information Commissioner (OAIC), the federal Privacy regulator, announced it is commencing action against Medibank, looking into their preparedness and the decisions they made during their October 2022 data breach incident. One for all Australian boards and accountable executives to watch.
CAP provides guidance to boards and planning teams on reading between the lines of cyber & IT board reports, developing and maintaining playbooks & facilitating board exercises.
“The only way to reduce the reputational, functional and financial damage caused by a cyber incident is to be prepared, be accountable and handle it well.”
Fergus Brooks
Founder & Lead Advisor, CAP