How to Ensure an Effective Cyber Incident Response

Jamie Smith 11 March 2020

Cyber Incident Response: Perspectives from Inside the Risk Ecosystem

In our latest report, we examine a cyber incident from the perspective of several key stakeholders.

Download the report

Information silos get organisations in trouble all the time. They lead to operational inefficiencies when different departments duplicate efforts or fail to learn from each other. And they create critical information gaps, where poor decisions are made due to inadequate context or missing insights.

In today’s evolving risk ecosystem, the link between different risk factors has become more complex, and a siloed response to complex risk management problems and crises is simply no longer viable. Increasingly, risk owners need to navigate a highly interconnected risk landscape, where the roles and responsibilities of multiple stakeholders intersect. Nowhere is this more evident than with cyber incident response, where a multidisciplinary team-based approach has become the hallmark of best practice.

For this reason, in this report we have chosen to examine a cyber incident from the perspective of several key stakeholders who come together during a cyber-attack: the threat actor, the board member, the insurer, the lawyer, and the team of technical experts and forensic investigators that mobilise in response to an incident. The report is made up of experience-based insights, expert opinions, interviews and guidance for best practice. While each stakeholder brings unique insights and expertise, what emerges from the collection of articles is the fact that none can be extracted from the ecosystem without prompting a ripple effect that touches on all the others. 


The threat actor is arguably the central node in the cyber risk ecosystem – they are the threat to which all other parties are responding. "Hackers 'with Organisation'" looks at the mechanics underpinning how cybercriminals run what are, essentially, their businesses. This includes forming teams, maintaining organisational hierarchies and investing in both human capital and infrastructure.

Of course, every attacker has a victim. "Up and Out, Down and In" explores a cyber incident from the perspective of the board. In the event of a cyber-attack, both internal teams and external parties will look to the board, or at least a member of the executive committee, for direction. What are the key questions that leaders should ask themselves ahead of, during, and after an incident, to ensure they’re adequately prepared to face the associated responsibilities?

But the board does not operate in a vacuum, and specialist service providers have come to play a central role in cyber incidents.

"Here’s the Game Plan" looks at the large and growing cyber insurance sector and what an incident looks like through the eyes of the claims team. Christine Flammer of AXA XL shares stories and insights from her team’s experience of responding to thousands of incidents over the years.

Often working closely with insurers and their policyholders are law firms specialising in cyber security and the regulatory landscape around it. In "Legal Representation & Cyber Incident Response", BakerHostetler’s Ted Kobus and Osborne Clarke’s Charlie Wedin provide two perspectives on the role of legal counsel and their relationship with the victim during and in the aftermath of a cyber-attack.

Indeed, there is more to cyber incident response than technical competency. In "Beyond the Technicalities", we look at the various relationships that the responder – at the frontline of a cyber incident – needs to maintain with each of these stakeholders. These relationships reveal that qualities such as leadership, empathy and creativity are just as important in responding to a cyber incident as maintaining core technical competencies.

In cyber security, attack vectors refer to the means by which threat actors can gain access to a computer or network. These vectors are varied, designed to exploit different types of vulnerabilities ranging from human fallibility to systemic flaws. And they are frequently interlinked.

An effective response to a cyber-attack requires a similarly versatile and multidisciplinary approach. This approach is consultative and cooperative. Each stakeholder’s specialism is a critical part of a broader, collaborative response ecosystem, and together they form your vectors of response. 


In this report, we hope to demonstrate that an effective response to a cyber-attack requires a versatile and multidisciplinary approach. This approach is consultative and cooperative, one where each stakeholder’s specialism is a critical part of a broader, collaborative response ecosystem.

S-RM is a global risk consultancy providing intelligence, resilience and response services to clients worldwide. To discuss this article or other industry developments, please reach out to one of our consultants.

Jamie Smith, Head of Cyber Security