An Executive Voices Blog by Brandon Gates, Founder and Principal Consultant at Reliable Cyber Solutions

Picture this—You’re driving your shiny new car on a sunny day when, suddenly, you hear a loud bang. You’ve got a flat tire. Now what? In the world of cybersecurity, a well-crafted Incident Response Plan (IRP) is like having a spare tire, a jack, and a tire iron in the trunk of your car.

It’s crucial to plan for the protection of your brand. In the same way that bad actors are using increasingly sophisticated methods to sell counterfeit products, those working to illegally access your customers’ personal information are also developing new methods.

According to recent data from AAG IT Services, malware attacks increased 358% in 2020 and increased 125% through 2021. And up to 40% of cyber threats now occur indirectly through the supply chain.

The average cost to businesses as the result of a cyber breach in 2022 was $4.35 million, and it’s estimated that cybercrime cost the global economy $7 trillion during that same period. This number is expected to rise to $10.5 trillion by 2025.

Beyond the financial consequences, cyber breaches can also have serious repercussions on the reputation of your brand.

In 2018, global hospitality company Marriott International experienced a massive data breach that exposed the personal information of 500 million guests. Similarly, in 2017, credit reporting agency Equifax experienced a significant data breach where the personal information of 147 million people was compromised, including Social Security numbers, birth dates, and addresses. These types of incidents result in criticism, with many customers questioning the security of their data and the overall trustworthiness of the affected brand.

Moving forward, cybersecurity will be a key factor in not just the protection of brands, but also in their expansion. In fact, AAG IT Services estimates that, by 2025, more than half (60%) of organizations will use cybersecurity risk as a key factor in determining business engagements with third parties.

As a result, creating a proactive and comprehensive IRP is essential. To do this, you need to assemble a team consisting of IT, legal, and PR personnel to ensure your plan is holistic and comprehensive. It’s important to create simple and concise procedures—imagine reading a confusing instruction manual while trying to change a tire. Frustrating, right? That’s why your IRP needs to be clear.

And you wouldn’t trust a mechanic who’s never changed a tire, so why trust an untrained cybersecurity team? Provide regular review and rehearsal sessions and run tabletop exercises to familiarize your team with the IRP. This is especially important because, according to data from AAG IT Services, 82% of breaches against businesses involved a human element (including error and social engineering).

A robust notification system keeps everyone in the loop when an incident occurs. This rapid communication helps to minimize damage and ensures a speedy response, which in turn protects your brand’s reputation from taking a nosedive.

And remember that every incident is a learning opportunity. After an event, conduct a thorough post-mortem analysis to identify what went well and what didn’t.

By assembling a skilled team, understanding your assets, creating clear procedures, rehearsing, setting up a notification system, and learning from past incidents, your brand will shine as responsible and proactive.

Brandon Gates helps retail businesses that are challenged with unreliable business systems to improve their reliability and security, ensuring that their businesses thrive. For over 21 years, Gates has helped companies including AT&T, Bank of America, NSA, NYC DOE, Army, and Navy to improve their business systems’ reliability and security using world-class processes. https://www.rcybersolutions.com/