Maximizing the Value and Outcome of a Cyber Incident Tabletop Exercise
By CJ Dietzman, Alliant Cyber
As cyber threat actors evolve in their attack strategies, so must organizations evolve their cyber readiness, response and resilience strategies to mitigate risk and negative impacts. A core component of cyber readiness is the cyber incident tabletop exercise, which is most impactful when it results in actionable output and outcomes.
CJ Dietzman, Senior Vice President, Alliant Cyber, has been conducting tabletop exercises with business executives for 20+ years, focusing on cyber incident response, fraud and disaster recovery. In this Q&A, CJ digs deeper to help organizations go beyond “checking the box” and ensure tabletop exercises are conducted effectively to identify issues that can be addressed to significantly reduce their cyber risk.
Who should be involved in a cyber incident tabletop exercise?
It is no longer sufficient to have the information technology team sitting siloed around the tabletop. A cyber incident tabletop must go further than the IT and security teams to include resources from across the organization, including executive leadership, line managers, internal audit, risk management, communications and legal counsel—all critical participants in an effective cyber incident tabletop exercise. These stakeholders must be present and participatory to achieve a fulsome walkthrough of critical business processes, assets and resources that could suffer detrimental impact if the organization were attacked.
Can you discuss the role of the communications team in cyber incident response?
Communications is an area that can often be overlooked and undervalued as part of the cyber response plan. It can be very difficult to effectively manage a cyber incident response without well-defined and validated communications protocols, processes and accountabilities. Organizations can run the risk of employees, executives and business partners operating in the dark or being misinformed about the implications or severity of the incident. Additionally, if incorrect messaging is communicated to external parties, for example media and customers, it can exacerbate the effects and cause negative operational, reputational and financial impact to the organization. An important objective of conducting tabletop exercises is to ensure every key team member understands their assigned role, and if a crisis does occur, how the correct messaging will be communicated effectively and efficiently to all internal and external stakeholders.
How does cyber incident response tie into business continuity and disaster recovery initiatives?
Organizations often neglect the importance of integration and overlap between their cyber incident response and their business continuity and disaster recovery initiatives. Many organizations treat these as separate components, which can expose the organization to other unforeseen risks, such as wasted or inefficient resources, confusion on who’s in charge and which processes should be followed for any given incident, as well as other negative risk outcomes. When cyber incident response, business continuity and disaster recovery are thoroughly integrated, it can have a “force multiplier” effect on positioning the organization in a more defensible position in the face of cyber threats. Recognizing the connection between the three presents an opportunity to improve organizational resilience.
Is there anything organizations commonly overlook during cyber incident response planning?
It is not uncommon to find that businesses have not selected or established relationships with the third-party vendors and law firms on their cyber underwriter’s approved panels. This can lead to a great deal of confusion and time wasted during an actual cyber incident. Further, if the business uses a vendor or firm that is not on the carrier’s panel of approved providers, they will likely not be able to claim the significant associated costs under their policy. Businesses should ensure their retainers and third-party relationships are in place and that critical vendors are involved in the tabletop exercise.
CJ Dietzman was recently joined on a podcast by David Finz, Alliant Specialty Claims, where the duo discussed the significance of cyber incident tabletop exercises and best practices for effective cyber risk management. They emphasized the importance of validating cyber readiness plans through exercises covering technical, legal and communication aspects with the goal of improving cyber incident response.
Listen to the podcast, “Cyber Incident Readiness: Tabletop Exercises for Effective Risk Management.”
Alliant note and disclaimer: This document is designed to provide general information and guidance. Please note that prior to implementation your legal counsel should review all details or policy information. Alliant Insurance Services does not provide legal advice or legal opinions. If a legal opinion is needed, please seek the services of your own legal advisor or ask Alliant Insurance Services for a referral. This document is provided on an “as is” basis without any warranty of any kind. Alliant Insurance Services disclaims any liability for any loss or damage from reliance on this document.
