How we work_test

More documents

Recommendations

Info

Other literatureSize and sensitivity of cyber breachSmall (up to 1m)97Cyber incidents by data sensitivity(Data records lost)THE ANATOMYOF A CRISIS 3WHEN NOT IFWhat can cyber breaches of thepast 10 years teach us about howto prepare for them in the future?2020VolumeThese next images show the size of data breaches and the sensitivityof the data which has been lost across the 300 incidents. We believethat this information helps give our clients an idea of where theirbreach sits in terms of precedent and therefore how extensive theircrisis response plan needs to be. Any data breach can become veryserious, very quickly, but in terms of pure numbers, a data loss offewer than 1m records can be considered relatively small. At theother end of the spectrum, there is a special category reserved for the27 companies who have lost more than 100m data records, and twohave even had a billion records compromised.As for data sensitivity, we have categorised the lost data based onits contents, how sensitive it is to the customer and its value on thedark web. Financial and health information, for example, tends to betargeted more as a result of its higher resale value.Cyber incidents by size(Data records lost)XXL (100m+)27Large (5m-10m)26XL (10m-100m)72Medium (1m-5m)76EmailSome personal details Financial information Health/personal Full customeraddresses only(eg. Age, home address) (eg. Paypal, credit recordsdetailscard info)Less seriousMore seriousFor a management team handling a data breach, these charts provide Finally, we looked at cyber incidents by sector. The telecom, media,useful context. For example, a breach of 100,000 records would be and technology (TMT) sector dominates as it incorporates so manysmall in relation to other historical breaches, but because the data loss businesses – telecoms, media, app and web businesses – thatcontains personal medical information, it is materially more sensitive are fundamentally digital and therefore susceptible to externaland likely to have significant repercussions as a result.technological interference. Healthcare, government and financialorganisations are also featured due to the sensitive and valuabledata they hold. In ‘other’, we see critical infrastructure businesses,such as energy and transport, though these are less prevalent thanother categories.Cyber incidents by sector145 46 37 24 21 32Tech, media,Healthcare Government Financial Retail Othertelecoms8 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 9IntroductionOur research tells us that a cyber breach is the top concernfor boards and management teams. They prioritise it overtechnological disruption concerns, product defects and eventrade restrictions and they report lost revenue, customers andemployees among the consequences. And yet we see that fewerthan half of those business leaders are preparing to manage theircyber risk proactively in the year ahead. We believe that thisparadox is worth investigating. In the third volume ofThe Anatomy of a Crisis, we aim to investigate the cyberlandscape in more detail.Our objective with this report is to provide an overview of the cyber breachlandscape, the impact of these breaches and how companies have responded.What worked well and what didn’t work? We hope to provide critical informationto clients for the moment they face cyber breaches of their own.About The Anatomy of a Crisis seriesAbout this reportIn this age of round-the-clock company scrutiny, we see We used two different sources to compile the dataalmost as much focus given to how a company handles for our report. The first is an analysis of 300 publiclyavailablecyber breaches over the past 10 years,a crisis as the crisis itself. With turbulence in our worldgrowing on a daily basis, and the always-on nature including details on the type of breach, companyof the news, crisis has become a daily consideration performance, impact, company response, etc.for business. If handled poorly, crises can cause deepand long-lasting damage to a company’s reputation. If The second data source is our 2020 Resilience Barometer, whichcontains interviews with over 2,000 company leaders from G20handled well, a crisis can become an opportunity forcountries. References regarding the impact to people and the waya company’s management team to demonstrate their they responded come from this study.mettle to investors, customers and employees.Part 1 – Cyber BreachesWith this in mind, FTI Consulting is undertaking a series of research Provides an overview of the 300 publicly reported cyber breaches –studies into crisis events, called The Anatomy of a Crisis. Our aim is where they have happened as well as the scale and type of breach.to shine a light on those crises and assess how they played out witha view to helping businesses successfully navigate future disruptive Part 2 – Breach Impactevents of their own. Historical context and – crucially – data can be Assesses the impact that cyber breaches have hadthe critical factors in helping management teams make the right – the financial, operational and reputational damage that they cause.decisions in the heat of a crisis moment.PART 1CYBER BREACHESTypes of cyber breachThrough our research and in-depth analysis, FTI Consulting will helpmanagement and communications teams support their instincts withempirical data when considering their organisation’s cyber breachresponse strategies and plans.Part 3 – Company ResponseExamines how companies responded – their communicationsapproach and the operational changes they made as a resultof the breach.This analysis will help management and communication teamssupport their instincts with empirical data when they consider theirown cyber breach response strategies and communications plans.This section provides us with an overview of thecyber breach landscape, looking at 300 cyberbreaches from 2009 to 2019. Of course, many morecyber events have occurred, but not all have beenreported. This is a list of the largest breaches overthe past 10 years across the world – those whichhave attracted the greatest public attention.At the moment of a cyber breach, this information will allowmanagement teams to see how serious their own breach is,relative to those that have gone before.2 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 34 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 5
6 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 7Loss of intellectual propertyBreaches from inside and outThe view from business in 2019At the moment of cyber breach, the research presented in this studywill allow management teams to gauge the severity of their breachrelatively to those that have previously occurred.This first image shows whether breaches have come from outside theorganisation – including hacks, denial of service, ransomware andother forms of attack – or whether the incident has arisen as a resultof internal issues – such as an employee hack, a misplaced device orpoor security. We have cut the data this way as we will later considerwhether internal lapses have more significant consequences thanattacks from external actors.More than two thirds of the incidents came from attacks fromoutside the business. Management teams should preparefor these threats with activities such as cyber vulnerabilityassessments, penetration testing and threat- huntingoperations. This will help better understand your cyber riskprofile and ultimately build a robust security posture, whichis the best way to prevent a breach from occurring.The remaining third came from incidents which appear tohave originated from inside the business.We have broken down these 96 incidents into the fourbuckets mentioned above. The most prevalent cause wasinternal security lapse, which could have been avoided. Losthardware, deliberate employee breaches and human errorsare also important factors, underlining the need for properemployee training and awareness.Crisis incidents by typeAttacks fromthe outside204Breaches fromthe inside96Hack from insidethe business12Human error17Internal security lapse27Breachesfrom the inside40Lost laptop,USB, driveIn our survey conducted for the Resilience Barometer 2020, we askedbusiness leaders to list the corporate risks they had experienced inthe past year. A cyber-attack was the most common risk reported,overshadowing other threats such as product defects, leaks, traderestrictions and litigation.CYBER ATTACK #1corporate riskexpected in 202027% of respondents reported that their business experienced a cyberbreach in the past year. This number increases to 33% among thosecompanies where leaders report feeling under extreme pressure toincrease revenue, which underlines the truism that governance cansometimes be overlooked in the pursuit of growth at all costs.We then asked what type of cyber-attacks their business hadsustained in 2019. The most common breach was a phishing attack,followed by loss of customer or patient data, followed by the loss ofthird-party information.As leaders look to the year ahead, cybersecurity is again the numberone concern, and 26% of leaders expect their business to be harmedby an attack in 2020.Which of the following cyber attack has your organisation been negatively impacted by over the last 12 months?Phishing / Social engineering27%Loss of customer / patient data26%Loss of third-party information25%Distributed denial of service (DDoS)20%Ransom / Data hostage situation20%Other cyber attack19%Loss of intellectual property19%12 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 13The impactFinancial ImpactOperational impactPART 2THE IMPACTIn Part 2, we examine the impact thatcyber breaches have had on businesses.This data will provide managementteams with a good sense of theoperational, financial and reputationaldamage that can come from cyberissues – useful context as businessesplan their own responses.We begin with the financial impact, where we see cyber-attacks According to FTI Consulting’s 2020 Resilience Barometer, lost revenuehaving a disproportionate effect on business. Of all the corporate is also the number one impact mentioned as a consequence of cyberrisks mentioned, even compared to product defects, trade restrictions attacks. 27% of business leaders report lost revenue as a negativeor technological disruption, cyber is perceived to have the greatest impact of a cyber-attack in 2019. Further financial impacts can comeimpact on lost sales.from regulatory fines and litigation – 17% and 16% of businessesrespectively incurred these impacts.What was the negative impact as a direct consequence of these cyber-attacks?Lost revenue27%Lost customers24%Loss of value (stock market value)20%Fine from regulator17%Litigated against16%There was no negative impact27%26%Lost customersdue to cyber breachThe operational impact of a cyber breach can also be significant.The most obvious immediate consequence is data loss. 26% ofbusiness leaders say their breach resulted in the loss of customerdata, 25% report losing third-party data and 19% say that theirbusiness lost intellectual property (IP) because of their breach. Itis not surprising, therefore, that 24% of business leaders believethat customers have been lost as a direct result of a cyber-attack, anumber which is borne out of the lost revenue statistic previouslylisted.The impact of these incidents is also felt internally. 18% of businessesreport employees exiting the firm and citing the cyber breach asone of the reasons for leaving. A similar number – 16% – report thatpotential new hires decided not to join the firm because of the breach.Another operational consequence of a cyber breach is that attentionis diverted from the day-to-day management of the business. 20%of businesses reported this impact. In another of The Anatomy of aCrisis study, we report on the human cost of crisis – the mental andphysical impact on management and the cost on relationships withcolleagues and family.These impacts start to answer the question – why do managementteams care so much about cyber breaches?14 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 1516 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 17The impactThe responseReputational ImpactMedia volume:Medium-term response – business preparednessThe final piece of the impact puzzle is the issue of reputation. We used We have found much of the same with this research. For datathree measurements for reputation - share price, media volume and breaches that do not contain the most sensitive data, the marketmedia sentiment.reaction tends to be relatively benign. This context is helpfulas companies start the process of deciding where to focusShare price:communications energies at the announcement of a breach. There isIn our previous Anatomy of a Crisis reports, we suggested thetemptation to be ‘investor-first’ with corporate communications andshare price reaction to cyber-attacks tends to be relatively modest to be led by the needs of that group. However, the data suggests thatcompared to other forms of crisis, such as fraud and accidents. the market tends to be forgiving, and given what we have learnt aboutAlthough 20% of business leaders reported share prices dropping, our how customers and employees react to news like this, management2017 survey showed that while we see shares decrease in the first may be well advised to focus their attention on these groups first.few days after a cyber-attack, within three months, on average, thestock tends to recover.The exception to this is where the data lost is of a particularlysensitive nature. Here, the loss of value is significant.So, organisations should pay close attention to the sensitivityof the compromised data when they decide how best tocommunicate their response.Share price impact by data sensitivitySome personal details (eg. Age, home address)Financial information (eg. Paypal, credit card info)Health/personal recordsFull customer details20-2Does a cyber breach have a pronounced impact on media interest in a company? As you would expect, the answer is yes. On average,a company receives five times more media coverage, and eight times more social media coverage in the month after a cyber breachthan in normal conditions. We also see that the bigger the breach and the more sensitive the data, the bigger the media interest.4.7xMedia multiplier (breaches up to 10m data sets)8.3xMedia multiplier (breaches over 10m data sets)The size and sensitivity of the data has a bearing on how much interest the media showsFull customer details10.3 xHealth/personal records6.4 xLoss of third party informationDespite everything that we have learnt previously about the negative impact of a cyber breach and the seriousness thatmanagement teams apply to it, it seems that few are preparing to deal with the threat effectively. Only 45% of those we spoketo say that their businesses are preparing proactively to deal with a cyber-attack. And only 39% of business leaders say thattheir businesses are conducting cyber -attack simulations on a regular basis.Lost data Impact on stakeholders Impact on managementLoss of customer data25%Customers lost as a consequence of breach26%24%20%18%Employees left due to breachMental health issuesManagement attention diverted36%For those businesses which are investing in closing their security gaps, where is the money being spent?The top investment is in training. 35% of business leaders say that they have invested in employee awareness, security culture and trainingin the past twelve months – more than any other category. Given the prevalence of internal security breaches that we have seen in Part 1,this focus is understandable. That said, we also noted that lost devices and human error are declining, so these efforts appear to be having apositive effect. Companies clearly understand that training is a responsibility that sits entirely within their control, which is not always the casewith certain external elements of cybersecurity.Which of the following have you invested in over the past 12 months?Employee awareness, security culture and training35%Threat monitoring and detection capability33%IT patching and technology stress testing31%Available qualified cyber expertise in-house30%Cyber insurance in place27%Regulatory compliance obligations understanding27%Breach preparedness and response planning26%Third-party service provider vetting26%Crisis communications readiness26%Third party vendors/providers managed vulnerabilities identification24%Critical assets and systems identification24%-4-6-8-10Financial information (eg. Paypal, credit card info)Some personal details (eg. Age, home address)2 x2 x19%16%Ne w hires decided against joiningDeteriorating relationships with spouse and family20%Board-level awareness and support24%Sector and geographic threat awareness21%None of the above7%When it comes to external threats, the biggest investments are in technology – specifically threat monitoring and detection and IT patching andstress testing. Also high on the list of priorities are activities related to proper governance, namely in-house cyber expertise, cyber insuranceand a thorough understanding of regulatory obligations.-12StartAfter a dayAfter a weekAfter a month18 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 1926 | Anatomy of a Crisis Volume 3 FTI Consulting, Inc. | 27
Page 1 and 2: Design
Page 4 and 5: Our design teamHeading up the Desig
Page 6 and 7: Our design processfor youOOOOOMeet
Page 8 and 9: ImpossibleUtopia
Page 10 and 11: Workingtogether
Page 12 and 13: WorkingtogetherContent is the keyCo
Page 16 and 17: WorkingtogetherTrust usEvery spread
Page 20: WorkingtogetherProofreadWe simply c
Page 23 and 24: Stay flexibleBe open-mindedand resp
Page 26: Print
Page 30 and 31: 4 Strategic Communications Crisis C
Page 34: Online credentials
Page 38 and 39: Our design processfor youOOOOOMeetW
Page 40 and 41: Working togetherHelpful tips for be
Page 42: WorkingtogetherContent is the keyCo

How we work_test

Create successful ePaper yourself

Delete template?

Save as template?