We’ve all heard the business maxim ‘failing to plan is planning to fail’, and while that is true of many situations, a lack of preparation and practice means, in the event of a cybersecurity incident, the impact can be vastly magnified, says Mark Jones, Senior Partner, Tesserent.

The cost of cybersecurity incidents in Australia continues to increase. In its most recent report, the Australian Cyber Security Centre (ACSC) found that the average cost of a cybercrime incident was $46,000 for small business, $97,200 for medium business and $71,600 for large businesses. The number cybercrime reports increased by 23% in 2023 with a new report received every six minutes.

No Australian business is outside the crosshairs of organised criminals. Australian businesses are a ripe target for cybercriminals seeking to steal data, conduct fraud or extort money. In many cases, a single cybersecurity incident can lead to business failure.

The only way to successfully navigate through a cybersecurity incident is with a comprehensive response plan. Without this, businesses risk making a bad situation infinitely worse.

What makes a comprehensive cybersecurity plan?

While the number of reported cyber-crimes is rising, the better news is that criminals are relying on several known techniques they have found successful. That means it’s possible to predict how they are most likely to attack. This knowledge can help businesses identify their greatest risks and put plans in place to counter those attacks.

There are three foundations to a robust cybersecurity response plan: protect, detect and respond.

Protection means having the right end-point protection software, that can detect and block incoming threats, on every device. All user accounts should be protected with multi-factor authentication where a second, unique code is needed in addition to a password. Invest time in helping staff identify the signs of fraudulent activity. Phishing scams that are designed to trick people into revealing usernames and passwords are very common. And business email compromise attacks, where criminals send fake invoices or demands for payment, can result in significant losses.

Detection can be challenging as many cybercriminals lie quietly in wait, avoiding detection until the moment they attack at an opportune time to create the greatest disruption. But there are some things businesses can do. Ensure you monitor log ins for anomalous activity and give your staff an easy way to report anything they see that’s unusual.

Despite all the best protection and detection tools you have at your disposal, an attacker may still get into your systems. And that’s why a response plan is important.

An effective response plan has two key components: getting the business back to normal operations as rapidly as possible and a communications plan that ensures all impacted parties are informed.

The business response will include a designated incident manager whose role is to coordinate the business and technical teams charged with restoring normal operations. This will include ensuring the risk of further damage and disruption is mitigated, recovering systems and data from backups and putting alternate arrangements in place while business is disrupted.

The communications plan needs to consider who should be told about the incident, when they will be told and in what timeframe.

Communication plans need to factor staff (including protocols to ensure they don’t post anything about the incident on social media), customers, suppliers and law enforcement. There may also be obligations to report the incident to the Office of the Australian Information Commissioner. And remember, you need to ensure you can communicate even if you don’t have access to your main systems.

Although you may not be able to anticipate every type of breach, it’s important to have templates and draft communications prepared and approved so you can move quickly during an incident. Trying to draft communications during an incident adds the risk of miscommunication and poor messaging that can exacerbate an already difficult situation.

Test the plan and practice

You should set time aside regularly to test all elements of the response plan. Conducting a mock incident will give the response team a chance to test the plan works and that each person understands their role. That can include practice media interviews where you think about the sorts of questions you might be asked and how you’d respond. In today’s connected world, it’s easy for a journalist to pick up on a customer comment on a social media site and start digging.

Every business in Australia is a target for cyber-criminals. Mainly motivated by money, criminals will seek to steal passwords to get access to your systems and data or trick you into handing over money. Ensuring you have the best possible protection and detection tools that are commensurate with the risks you face are important. But not having a well thought out and practiced response plan can turn a bad day into a catastrophe and add more dollars to the ACSC’s statistics.

Want more? Get our newsletter delivered straight to your inbox! Follow Kochie’s Business Builders on Facebook, Twitter, Instagram, and LinkedIn.