Cyber threats: creating an effective crisis management plan

When it comes to a potential cyber-attack, no business is safe from harm – including wealth managers. Whatever their size, firms must beware cyber threat actors looking to cause disruption, gain access to personal or company data, or steal client funds.

To protect themselves against this threat, firms should consider implementing a tried-and-tested crisis management plan. Not only will this reduce the likelihood of an attack, but it will also help to limit the extent of damage if an attack occurs.

Understanding cyber threats

Cyber threats can arise from a number of sources, including:

  • Human error
  • Disgruntled employees
  • Computer system error or technical failure
  • Targeted cyber-attacks
  • Fall-out from an attack on a supply chain partner

When an organisation suffers a cyber-incident, it can lead to considerable financial loss. According to IBM’s 2023 Cost of a Data Breach Report, the global average cost of a data breach was US $4.45 million.

Creating a crisis management plan

Given the devastating potential impact of a cyber breach, it’s essential that firms establish a comprehensive crisis management plan to be executed in the event of an attack.

This typically includes:

  1. Preventative controls – e.g. adopting the relevant hardware and software solutions; conducting risk assessments; creating data backups; training employees to understand risks and identify potential attacks
  2. Detective controls – e.g. determining affected systems and isolating them from the remainder of the network; taking the network offline; informing staff of the attack and actions to contain further spread; informing relevant clients, business partners and other relevant stakeholders of an attack; capturing volatile memory contents from affected devices to help determine the sequence of events leading to the attack
  3. Corrective controls – e.g. alerting key partners to assist with strategy; reporting the attack to relevant parties, including insurance partners and law enforcement; deploying decryption tools where necessary; wiping and rebuilding systems, including resetting passwords and checking backups are uninfected

To be most effective, any crisis management plan should be stress-tested through simulated incident and table-top exercises.

Once established, a robust crisis management plan can help wealth managers to future-proof themselves in critical areas of legal risk, data handling and security breaches. It will also help to ensure that the firm, as well as its directors and officers, are well protected from any D&O or client liability claims, regulatory issues, or other financial implications.

Cyber insurance protection

While a crisis management plan can reduce the likelihood and severity of any cyber-attack, it cannot offer complete protection. To provide themselves with an additional layer of security, firms may consider taking out cyber insurance.

Cyber insurance policies offer a range of protections, including:

  • Pre-incident support, such as access to cybersecurity expertise, IT vulnerability assessments, staff training, and assistance with password management
  • Security and privacy breach costs, such as customer notifications, public relations advice, IT forensics, and legal expenses
  • Post-incident support, including system assessments, breach source identification, legal guidance, and data restoration
  • Coverage for business interruption, cyber extortion reimbursement including ransom amounts and negotiation fees, and damage to digital assets such as data loss, corruption, or misuse of computer systems

For further information, please visit Lockton’s Cyber page, or contact:

Carlo Ramadoro, Broker, Cyber and Technology

E: carlo.ramodoro@lockton.com

Laura Skaanild, Head of Global Financial Institutions, Lockton

E: laura.skaanild@lockton.com