Did you know?
- Over 85% of Canadian organizations surveyed for CyberEdge's latest Cyberthreat Defense Report fell victim to at least one cyberattack in 2021.
- The average cost of a data breach for Canadian organizations in one year was $7 million, according to IBM's 2022 Cost of a Data Breach Report.
Although it appears that more Canadian businesses* have introduced cybersecurity training among employees following a spike in cyberattacks over the pandemic, it is still extremely important that business leaders are prepared to respond promptly and effectively in the event of a breach.
The steps that must be taken during and after a cyberattack are vastly different from other types of corporate crises. All businesses should be ready with a thorough plan that can be immediately mobilized for communicating with employees, customers, external partners and the public.
“If not before, owners of businesses across Canada are now left with the unavoidable reality that it’s not if, but when their company will face a cyberattack,” says BOXX Insurance, a cyber insurance provider based in Toronto.
Here are five tips from BOXX Insurance for business leaders to effectively manage communications in the midst of a cyber incident:
1 - Name a senior executive to your cyber incident response team.
The responsibility cannot be left solely to the IT team. Not only will a senior executive help bridge the gaps between the IT team, legal department and any external partners, their presence enables swift decision-making as the breach unfolds.
2 - Never engage with cyber criminals alone.
All communications with cyber criminals must be heavily screened by experts in the field. This is particularly important in the event of a ransomware attack, wherein a ransom is being demanded in exchange for regaining access to stolen data or to keep stolen data from being published. A poor response by executives in these situations can exacerbate both the financial and reputational harm done to the business.
3 - Stay on top of applicable compliance and reporting requirements.
Regardless of the size of your business, what industry you are in and whether you are publicly traded or privately held, you could be subject to data protection regulations and reporting requirements that vary globally.
4 - Prioritize accuracy over speed.
While a delayed response could have a severe impact on a company’s reputation, acting on and releasing inaccurate or incomplete information can cause even more damage. Being prepared with a breach response plan (along with support from legal, compliance, operations and IT security experts) is more important to your odds of recovery than speed alone.
5 - Establish a contingency communications system.
A data breach could leave your organization without access to company email. If this is your primary channel of communication, it is crucial in the aftermath of a cyberattack that you have an alternative method for quickly and easily communicating with your response team members and disseminating information to employees, customers, external partners and the public.
* According to the 2021 CIRA Cybersecurity Survey, over 60% of organizations report creating training material to promote cybersecurity awareness among staff (up from 54% in the previous year).
This content is powered by the Canadian Broker Network.
CapriCMW is a proud member of the Canadian Broker Network (CBN), an alliance of Canada’s leading independent insurance brokerages representing over 50 offices, 1,500 professionals and over $1 billion in premiums. Learn more at canadianbrokernetwork.com.