CYBER INCIDENT
PREPARATION & RESPONSE
CYBER INCIDENT PREPARATION & RESPONSE
Our cyber incident capabilities
Media relations
Digital & social media
Stakeholder engagement
Customer communications
Employee communications
Executive media training
Reputation management
Data breach simulation
Digital response centre
Our work in cyber incident preparation and response
We have extensive experience in assisting our clients with a range of incident responses and guiding issues and crisis management to protect reputation.
We developed our data breach specialisation following changes to the Australian Government’s Privacy Act in February 2018 as well as the introduction of the European Union’s GDPR requirements.
We have worked on more than 40 data breaches across several sectors and jurisdictions, including charities, tourism and hospitality, healthcare, insurance, e-commerce, government, property and financial services and healthcare, including some extremely challenging and high-profile matters.
We are the preferred partner for Australia’s leading legal and forensic IT teams, and insurers, specialising in cyber incidents of all types and sizes.
We conduct audits of crisis management and data breach response plans, and simulation exercises for boards and executive teams.
Our cyber experts
RHYS RYAN
Chief Executive Officer
ARJ GANESHALINGAM
Chief Operating Officer
LAURA HILL
Special Counsel
LAUREN CLANCY
Client Partner
MADI WEST
Client Partner
SAM CHEN
Consultant
ANNIE COLLISON
Consultant
Our cyber experts
RHYS RYAN
Chief Executive Officer
ARJ GANESHALINGAM
Chief Operating Officer
LAURA HILL
Special Counsel
LAUREN CLANCY
Client Partner
MADI WEST
Client Partner
SAM CHEN
Consultant
ANNIE COLLISON
Consultant
RECENT EXPERIENCE
A national financial services provider was the subject of a malicious attack which resulted in sensitive data regarding its employees and customers being downloaded and stolen. Compounding the problem was legal trigger clauses that demanded immediate notification, even of loss of mundane data. We crafted the right messages to notify quickly. The transparency and sensitivity with which the incident was handled resulted in minimal client concern and only a short burst of employee outcry.
We have led several data breach simulations to see how organisations prepare against an escalating scenario. Each scenario is based on real-life experiences which test the organisation’s operational and communications capability during a data breach – while adhering to their values and purpose. We provided real-time feedback and a debrief session to advise each organisation to implement critical changes to communications assets, and ensure they are ready to protect their reputation during a real incident
A large health insurance provider lost data that referred to more than 100 kinds of health insurance claims and some customers lost financial records. We created a suite of specific communications content, from hundreds of letters to affected individuals to talking points for phone conversations with those who had lost extremely sensitive material. Despite the high-profile nature of the organisation and the salacious nature of the breach, our methodical and transparent approach resulted in zero media coverage of the incident, and almost no customer backlash.
One of Australia’s most reputable charities was the target of a cyber attack, less than one month before the most important donation drive for the year. We worked alongside cyber response partners to prepare a formal notification to impacted individuals, and develop a comprehensive media strategy endorsed by the board and leadership. Knowing the incident would receive media coverage, the cornerstone of our strategy was proactively informing a trusted group of journalists who understood cyber incidents, to ensure factual accuracy in the way the incident was reported by media.
Our guiding principles for cyber incident response
Prioritise those impacted
You must prioritise direct, transparent communications to your customers, consumers, staff and stakeholders; adhering to the parameters and guidelines of local regulations. Media is a second priority. If you do the right thing by the first group, you will be regarded more favourably by media.
Watch the news cycle
While a data breach may appear to be a low-level, the daily news cycle can be unpredictable, and it is important to be well prepared to avoid being caught in a story you didn’t see coming.
Consider the “pub test”
The consumer and stakeholder expectation on speed and transparency of response is not fixed. This expectation – the “pub test” changes with news and political cycles.
CYBER INCIDENT Preparation
Strong and comprehensive cyber incident preparation should be a Board-level issue. Organisations must be well-prepared for a cyber incident, with the sophistication of today’s threat actor and the complexity of our economies.
Porter Novelli’s approach to cyber incident preparation is in three elements:
- Audit and review of our client’s current crisis management plan, business continuity plan and specific cyber incident response plan.
- Recommendations on improvements to plans, or development of plans if required.
- Annual simulation exercise with crisis management response team, to test the plan and ensure the team is prepared for the incident when it occurs.
We build realistic scenarios that are bespoke to our clients’ business. This is often coupled with media training for key executives, given the need for executives or directors to front the media in many high-profile incidents.
CYBER INCIDENT Response
Our approach to notifiable data breaches (or suspected notifiable breaches) is a tried and trusted approach that allows us to effectively help clients prepare and navigate every stage of a data breach, even after the incident has been managed.
Porter Novelli’s approach to cyber incident response is in three elements:
- Immediate Preparation: Immediate briefing, rapid desktop research, holding statement.
- Rapid Response: Communications strategy, key messaging, media monitoring, media training.
- Media Strategy: Refine media plan, community management of social channels, ongoing media monitoring.
- Managing Enquiries: Inbox to manage enquiries, rolling comms updates to key stakeholders.
- Address Damage: Advice on strategies to restore reputation, content to be used if new information comes to light, ongoing media monitoring.
- Go Above and Beyond: Communication and compensation strategies that address the toll consumers experience in the wake of a data breach.