Enterprise Incident Response from an Executive Perspective 

A major data breach or ransomware attack can have serious financial, legal, and reputational implications for organizations. The success of incident response in these situations depends on the involvement of executive leadership, technical teams, legal teams, and communication teams, as well as effective cross-functional collaboration and communication. It's essential for executives to understand the importance of incident response and play an active role in the process – both in readying the organization in advance and during the actual incident response. 

This paper discusses the challenges faced by executives in incident response and emphasizes the need for collaboration and communication among various stakeholders. We highlight the roles and responsibilities of each team during a major incident, including the technical team's responsibility to contain the attack and the legal team's role in ensuring compliance with regulations and laws. We also examine the critical role of PR & Communication teams in managing internal and external communications, which is crucial to preserving customer trust and avoiding reputational damage. 

In addition, we stress the importance of regular incident response training and drills for all stakeholders to ensure preparedness in the event of an attack. Our paper provides insights for senior cybersecurity experts and executives to promote a culture of collaboration and to develop effective communication strategies that can enhance organizational resilience and mitigate the impact of a major cyberattack – for example, a ransomware attack.

As the threat landscape continues to evolve, it's critical for organizations to be proactive in their incident response efforts. The objective is to challenge the assumption that defense is impossible and that, during incident response, it is the attacker who sets the operational tempo, holds the initiative and forces the defenders into a reactive position. With proper preparation and top management buy-in, it is possible to ready the enterprise for such situations in a way that flips the paradigm and takes the initiative back from the attacker.


Petr Špiřík

PwC Cyber & Privacy Partner and the EMEA Managed Cyber Services GTMT Lead. 

Experienced CISO and global cyber security executive with strategic vision, cross-disciplinary expertise and a proven track record. Leads global organizations through change: building, transforming and managing their enterprise security together with executive-level stakeholders. Former security engineer, SOC architect, threat intelligence lead, PwC CEE CISO and VP/CISO at SUSE Linux.

Passionate about privacy, cyber security education and cross-disciplinary mashups. 

Certified CISSP, GRID, CRISC, CIPP/E, GCIH and ISO 27001 Lead Auditor.