3 easy traps your CMT could fall into and how to prevent them

Your Crisis Management Team (CMT) helps prepare your organisation for an incident and manages the strategic response to any incidents or crises that occur.

In my experience of running cyber crisis simulations with these teams I see the same issues present themselves over and over again regardless of industry or maturity.

Here are the top 3 issues I see and how you can ensure your CMT don’t fall into these traps:

1. Loss of focus:

It is so easy to stay focused when the pressure is on but all too often that wave of enthusiasm from the CMT and execs soon fades away. Other things come up and complacency can easily set in. To prevent this make sure you raise the issues seen in attacks other companies have faced and get them to consider what this would mean for you.

2. No chair:

All CMTs need a chair: someone who will ensure that the checklists and playbooks are being followed and that actions in a crisis are being assigned. It is crucial that the CMT collectively agree on who the chair should be, appoint a deputy chair because we need redundancy, AND make sure that person understands the role they play. Running exercises helps cement the chair’s role and also ensures that the rest of the CMT understand their roles too.

3. Too much chat, too little action:

I often see that, from a discussion and analysis perspective, the CMTs overall do really well. What they often struggle with is taking decisive action and collectively bringing that into being. A classic example is in the ransomware scenarios I’ve run – usually the CMTs are brilliant at discussing the pros and cons of paying but never actually want to come down on one side or the other. Managing a crisis, any crisis, is about making decisions. You have to use the data you have to inform the best decision and then move forward. So put pressure on your CMT to make decisions in exercises. Don’t let them get away with “it depends”.

Ultimately being naturally good at handling a crisis is a myth. Like anything else practice is key to ensuring you have an effective, decisive and cohesive CMT when you need them the most!
