This insurance company wanted to develop more skills in the field of incident response and learn how to more effectively handle a crisis that could lead to potentially major reputational, financial and technological damage.
What did the client want to achieve?
- Investigate how the current crisis team (business, legal, IT, communication and HR) would handle a cyber-incident;
- Test the policies in practice;
- Improve mutual collaboration;
- Achieve a better understanding of each other’s roles.
How did we do it?
This assignment consisted of two intensive Incident Response crisis sessions: one practice session for the board and one practice session for the team of IT Directors. In these 2-hour sessions, the crisis teams were introduced to their worst-case cyber-scenario and people had to make decisions every fifteen minutes, taking into account all their stakeholders, and define actions that would lead to all kinds of consequences.
The sessions were supervised by two experts who are part of the FoxCERT team.
What was the result?
- Because of the realistic scenario, the client has to be able to implement several improvements in their (crisis) policies. For instance, they found out that:
- There needed to be a short list of experts and independent contractors;
- There needed to be more focus on the stakeholders (per phase of an incident);
- The policies needed to be rewritten based more on actual practice.
In addition, these exercises gave them more confidence in the team and in their own skills. That is why the organisation has chosen to repeat this exercise every year.