From the Global Maritime Cybersecurity Consortium, by John Felker, President, Morse Alpha Associates
Leadership, cyber incident response, and crisis communications. At the beginning of the 21st century, it seemed these topics did not have much in common. In a relatively short span of time, these are now intertwined and have become a part of everyday business operations and concerns. Cyber criminals are more aggressive and creative as they find new ways to steal or hold your “crown jewels” at risk. As evidence, the MTS-ISAC shares a regular and increasing volume and sophistication of attacks every day. As we see in their threat reporting, these adversaries work around the clock, making it a necessity for you to think through your risk and incident response plan actions and mitigations in advance – and PRACTICE them! These attacks pose a continual threat and organizations can realistically anticipate having to respond to multiple incidents of varying degrees of severity impacting their organizations and stakeholders.
In addition to internal pressures to communicate, insurance and coverage providers as well as governments around the world continue to contemplate and enact new requirements and regulations. These external factors require more strenuous attention to cyber governance, policies, and practices, and often have strict requirements related to incident reporting. Executive leaders are compelled to not only improve their talent pools, but also improve how cybersecurity efforts are communicated across and outside the organization. The application of incident response communication best practices can help retain customers, increase trust with third parties, and enhance corporate resiliency.
As a result of these challenges, Boards of Directors are adding talent that understands cyber and its business impacts. The Board of Directors needs you, as either the lead or as part of the cybersecurity team, to know how to translate cybersecurity concepts, policies and efforts into business terminology that less cyber-fluent leaders can understand. As a leader in your organization, you need to understand these issues and the threats to your business – do you grasp how to think about and communicate your risk related to cyber in business terms? Can you talk about cyber risk in a way that makes sense to non-cyber leaders? More importantly, is your organization properly set up to respond on a bad day? Have you drilled and exercised your team to deal with that bad day? Have you integrated the third-party service providers you may depend upon? How do you communicate internally and externally when you are in the middle of an incident? Do you also understand that supply chain insecurity is becoming YOUR leadership responsibility if it could impact your business or your customer base?
And it doesn’t just end with you. As a leader in your organization, are you hiring the right people? Are you coaching your team to do the right things? Is your team set up to succeed? Do you have the right partners? Have you connected with all of the appropriate third parties?
Join us at the Maritime Cybersecurity Summit Practitioners Training Day, November 15, 2023 in Miami, to discuss these important LEADERSHIP issues as part of a focused session on Incident Communications and Reporting. As incident reporting requirements continue to expand, communicating and reporting incidents has taken on a life of its own. In this module, participants will learn about internal and external incident communications and reporting best practices, including with executive leadership, corporate communications, government relations, customers, and third parties. Our team of experienced leaders and expert practitioners will guide a wide-ranging discussion!