\
Cyber breaches are a fact of life today, and with a [38% increase in cyber-attacks in 2022](https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/#:\~:text=Global%20cyberattacks%20increased%20by%2038,-learning%20post%20COVID-19.), it’s a matter of when, not If, you experience a breach. With this trend projected to grow year-over-year, cyber resilience is increasingly becoming table stakes. Given the increase in supply chain-related [cyber-attacks](https://hackernoon.com/the-phases-of-a-cyber-attack-and-how-to-guard-against-them), with nearly one-fifth of breaches occurring as a result of a breach in a company’s supply chain partners, it’s no surprise that company leadership and investors are demanding that all aspects of their business are protected and any organization they do business with is also cyber secure.

\
For large companies, stock prices may take a temporary hit but rebound quickly because they can devote immense amounts of resources, personnel, and finances to weather a cyber crisis. But a cyber breach can devastate startups and smaller companies running on much tighter budgets. And the costs of breaches are rising. In 2022, t[he global average data breach cost was $4.35M](https://www.ibm.com/reports/data-breach), the highest since the inception of IBM’s annual Cost of a Data Breach report.

\
So, what can companies that lack the resources of their larger counterparts do to protect themselves? As a serial start-up founder, I understand the specific challenges that emerging companies face. To insulate your organization from the ripple effects of a cyber breach and the associated costs and business disruptions, here are my four recommended to-do’s:

\
\
## **1. Assemble your SWAT team**

Any crisis for a small organization will likely be an all-hands-on-deck situation. When a crisis hits, you need to be confident and in control, and the best way to generate that sentiment is clearly defining who is handling what. Your SWAT team will likely include external partners to help shore up your cyber crisis response, including third-party services such as forensics, data recovery, and legal and public relations counsel. Begin researching these external partners early and communicate with them regularly to solidify your understanding of their capabilities during a breach.

\
Coming together immediately is critical, as the first 48 hours of any cyber crisis are the most vital. Because many organizations run entirely on the cloud, you may need to operate under the assumption that your systems and your cloud services are compromised during a breach.  In today’s remote and hybrid workforce, it’s doubtful you’ll be able to gather everyone together in one physical room to attack the problem promptly. With a virtual “war room” already in place, your SWAT response team can be up and running in as little as 20 minutes. For external partners especially, the out-of-network war room is essential to share sensitive documents and securely execute your cyber response plan.

\
## **2. Spend the time to build a plan and then practice it**

The worst time to develop a plan is during a crisis. I experienced a cyber breach at a previous startup when an executive’s work laptop, containing a trove of sensitive information, was stolen. This is a real example of how many things out of your control can result in a breach. Fortunately, we already had a plan in place by implementing strong encryption on all laptops to wipe the data remotely.

\
A guided plan outlining necessary steps can help mobilize everyone into action quickly and clearly. Ensure each team and individual knows their role during a cyber response and has immediate access to the plan. This is not the time for a lengthy document. The plan should be bite-sized to avoid impeding action efficiencies and elongating the impacts of the breach. As you develop your plan, consider the nuances of your industry and business operation across geographies and compliance protocols, which might require slightly different actions and reporting.

\
Most importantly, your plan is useless if you only dust it off when a crisis strikes. Practice is imperative. Shift your company’s culture towards preparedness by discussing your cyber breach plans often. Remember, if your network is compromised, you may be unable to access your plan. Running scenarios is a great way to build cyber crisis response muscle memory. Companies with their plan available out of band and those practicing it are more resilient than 65% of all global organizations.

\
## **3. Don’t skimp on cyber insurance**

Many large enterprises require all tiered partners to have cyber insurance or risk losing their business. Walmart in 2021 required a regional HVAC supplier to purchase cyber insurance or risk losing a $100 million contract. An active insurance policy can mitigate the costs of a crisis for small businesses.

\
The costs, resources, and external partners necessary during a cyber crisis can be surprising and, for smaller companies, often unrealistic. Even doing the bare minimum can deplete your company’s treasury, potentially triggering a death spiral for your company. Beyond covering direct costs, cyber insurance providers also have ready-to-go lists of recommended third parties vetted by the provider, reducing the time you spend researching and contracting with external partners.

\
## **4. Document actions and maintain records**

How you respond to a breach matters most. Consider the misstep of Uber’s former Chief Security Officer, who was convicted late last year of covering up a cyber-attack while the company was already under investigation by the FTC for earlier lapses in data management and protection protocols in 2016. While the decision to withhold information is illegal and clearly outside the company’s cyber crisis response plan, proper documentation protocols established by company executives could have included a system of checks and balances to hold themselves accountable.

\
It can be easy in an emergency to lose track of who did what and when, but this is precisely what regulators, investors and cyber insurance providers will require you to report. Accurately documenting your response can minimize the long-tailed impacts of a cyber crisis and help your organization learn from the experience and fine-tune its response for future breaches.

\
Early-stage startups and small organizations may only have a handful of employees at any given time. The startup mentality helps bind teams together to create a camaraderie that drives the company forward. Even as a company matures, this sentiment can remain strong. Company leaders owe it to their employees to protect their livelihoods by ensuring the business is prepared for any crisis, and the crisis you’ll experience is likely related to cybersecurity. By shifting the weight of a company’s cybersecurity culture to balance prevention and preparedness, companies can remain resilient in a crisis.

\

---

Lead image generated with stable diffusion. 

This story contains new, firsthand information uncovered by the writer.

Read My Stories

Too Long; Didn't Read

Cassandra Forward a free Cassandra-focused community event

4 Essential To-Do’s to Boost Cyber Resilience

Too Long; Didn't Read

@arvindp

Credibility

RELATED STORIES