How Prepared is Your Organization for a Cyber Incident

How Prepared is Your Organization for a Cyber Incident

September 28, 2017

Authors: 
Devon Ackerman, Senior Director | Cyber Security and Investigations, Kroll
Ron Dormido, Director | Cyber Security and Investigations, Kroll

As we’ve seen recently with Hurricanes Harvey and Irma, natural disasters can have a devastating impact on families, homes, and businesses. However, we have to keep in mind that human-caused hazards, such as cyber attacks, pose a very real threat as well to people and businesses around the world.

The Hiscox Cyber Readiness Report 2017, released earlier this year, found that cyber attacks in 2016 cost the global economy over $450 billion. In addition, the report found that 53 percent of companies surveyed were ill-prepared to handle cyber attacks. In light of these findings, and in the spirit of Cyber Security Awareness Month, Kroll encourages all organizations to take the time to evaluate their current status to see how they rate in their ability to respond to cyber attacks. Here are some key points to consider as you take stock of your response policies and procedures:

  • Ensure you have executive buy-in. Even with the best thought-out plans, lack of support from the top can make the difference between success and failure.

  • Determine regulatory requirements. Many governing bodies establish guidelines for response planning; make sure you do your homework to ensure your organization is in compliance.

  • Get all key stakeholders involved. Response planning and implementation requires a multifaceted approach; ensure you involve all the key decision-makers throughout your organization.

  • Perform a risk assessment. Do the research to get an accurate picture of the threats and hazards facing your organization.

  • Train your people and test the plan. A well-written response plan may be useless if the people tasked with implementing the plan have never trained on it. Develop realistic incident scenarios so you can “train as you fight.”

  • Hold after-action reviews. Following every live response and training event, assemble the key players so you can identify weak and strong areas in your plan, and make adjustments as necessary.

Benjamin Franklin is credited with saying, “If you fail to prepare, you are preparing to fail” – words of wisdom that are as applicable today as ever.


Cyber Security Awareness Month is observed each October in the United States and across Europe. Sponsored by the U.S. Department of Homeland Security and the European Union Agency for Network and Information Security, Cyber Security Awareness Month is designed to raise awareness about the importance of cyber security among organizations and individuals by providing tools and resources to stay safe online and increase resilience in the event of a cyber incident. As the global leader in risk management, Kroll is proud to support Cyber Security Awareness Month by providing actionable insights that help people and organizations on their path to cyber resilience.

Devon Ackerman SENIOR DIRECTOR, CYBER SECURITY AND INVESTIGATIONS

Devon Ackerman is a Senior Director with Kroll’s Cyber Security and Investigations practice, based in Secaucus. Devon is an authority on digital forensics and has extensive experience in the investigation and remediation of cyber-related threats and incidents from his years with the Federal Bureau of Investigation as well as in the private sector.

Read More

Devon Ackerman