Cyber disruptions – and their impact on both reputations and profitability – have risen to the top of nearly every recent risk study. These increasing concerns weigh heavily on Executive Suites and Boards.
In the IT realm, CIOs and CISOs now focus their efforts on mitigating those risks, and planning responses to potential data breaches, malware and other cyber threats. As a result, more and more organizations have begun developing Cyber Security Incident Response Plans (CSIRPs).
Developing these plans in their own ‘silo’ – without considering the cyber incident impacts on general business operations – can be negligent and potentially dangerous. Integration of CSIRPs with existing Business Continuity and Disaster Recovery Plans can make the entire organization more resilient and prepared to respond to outages of any and every type.
Likewise, Business Continuity plans that simply focus on restoring day-to-day operations under specific scenarios may lack the necessary strategies and tactics to successfully respond to cybersecurity threats that may be at the root of a potential disruption.
Many CSIRPs focus on protection and restoration of impacted technology and acknowledge the need to communicate with customers and stakeholders to mitigate reputational impacts. But potential cyber threats may also require an operational response – because of financial, regulatory and product or service delivery impacts resulting from that cyber incident. In other words, a cyber security problem may cause a Business disruption. Hence, recovery of IT assets and recovery of Business functions are closely linked and must be addressed together, not in separate silos.
Disaster Recovery Journal recently hosted a webinar by eBRP’s Ramesh Warrier in which he addressed the need for – and mechanics of – integrating CSIRPs with existing BC and DR planning. You can view the webinar on demand here. After you have watched the webinar, we invite your feedback. Please contact us at info@eBRP.net.