Home / Services and expertise / Crisis management plan
Preparing for an effective response
“It’s no longer a question of if you will be the target of a cyber attack, but when. This is a statement that current events continue to confirm, and one that should lead every company to prepare for a crisis, especially when it comes to cyber scenarios. In fact, the management of cyber and digital crises (major IT incidents, malicious acts) is no longer the exclusive preserve of the CISO: it is gradually becoming part of high-level crisis management by “non-experts”. What’s more, the impact of a cyber crisis is multifaceted and goes far beyond the information system: damage to image and reputation, impact on customers, impact on business, increased risk of fraud for the company and its ecosystem, legal implications, financial losses, etc.
Managing a crisis therefore involves organisational, documentary, media, legal, logistical, technical and human preparation.
The aim of a crisis management system is to achieve a sufficient level of preparation so that, as soon as the situation deteriorates, the right people can be contacted, the necessary measures can be taken and effective tools and resources can be made available to organise oneself in the face of a situation that is, by definition, unprecedented.
THE CRISIS MANAGEMENT PLAN MAY CONTAIN
Major crisis scenarios and response plans,
Reflex cards, crisis directories, etc.
Alert, mobilisation and on-call schedules and associated crisis levels,
The composition of crisis cells and the roles and responsibilities of each,
Identify weak signals, indicators of crisis transition in the event of a gradual increase (e.g. from incident management or a major incident),
The crisis communications plan,
The tools and means of communication to be used (particularly in the event of compromise or unavailability of traditional means) and crisis management procedures.
Why have a crisis management plan?
By anticipating possible crisis scenarios and ways of dealing with them, the crisis management plan ensures that everyone knows their role and function during a crisis and can draw on existing procedures if necessary. The better prepared and protected an organisation is, the more confidence it will have in its ability to manage complex events. In particular, this means defining procedures in advance so that you can be reactive and relevant on D-Day. By not having to define the ‘how’ in the heat of the moment, it is easier to focus on the ‘what’. In this way, the crisis management plan improves the fluidity of decision making, reduces ‘downtime’ and allows the organisation to focus on the specific aspects of the event – rather than the organisational or governance aspects. As a result, problem resolution is improved and the crisis is managed more effectively.
Alcyconie offers solutions tailored to the crises you are likely to face, depending on your environment and needs. We draw on a comprehensive assessment of your crisis management system and our knowledge of best practice and sector specifics to provide you with the most appropriate solutions.
Joint development of the crisis management plan
The construction phase of the crisis management plan is an opportunity for collective reflection, before the crisis, on the responsibilities and roles of each party. Alcyconie recommends that the crisis management plan be developed in synergy between your teams, who have a privileged knowledge of your company and its ecosystem, and the company’s experts, who provide an outside view, a guarantee of objectivity.
To build this crisis management plan, Alcyconie proposes a co-construction process involving:
- The company’s experts, who contribute their “on-the-ground” knowledge of risks and their evolution;
- Exchanges with operational teams to adapt best practices and generic crisis management tools as closely as possible to your organisation’s culture, taking into account existing practices in an empirical approach.
Alcyconie’s experts are well versed in all types of crisis management and the specific organisational aspects involved. You will benefit from their up-to-date and accurate knowledge of risks and crises, the fruit of their daily experience in the field, assisting victims of cyber attacks, but also from the strategic positions they have held throughout their careers: business continuity and crisis management manager, communications director, cyber fraud prevention and detection manager, etc.
The priority of our experts is to ensure that the crisis management system becomes a reflex that everyone knows about and a support system that is as close as possible to your organisation… not just a long list of administrative procedures that will remain in the cupboard!
Any questions?
Would you like more information about creating a crisis management plan?
Would you like to learn how to set up a crisis management system in your organisation?