Articles - Business continuity lessons from the CrowdStrike outage


Whether or not you are a CrowdStrike user, the mass outage event has brought business continuity and crisis management into sharp focus. The interconnectedness of supply chains, our dependence on technology and the global reach of the incident reminds us that we need to be prepared to respond to incidents quickly and efficiently. As the dust settles and organisations review the lessons learnt from the incident, what can you be doing now to be better prepared for a similar occurrence?

 By Karla Gahan, Head of Resilience and Harshil Shah, Principal and Head of ERM at Barnett Waddingham

 Communication is one of the most critical components of any response strategy, yet is often the one many organisations get wrong. Ensuring your stakeholders are aware of what’s happening and how you’ll update them makes for a much smoother response, and means there will be less damage to your reputation.

 What to do now
 Ensure your stakeholder maps are current – knowing who to communicate with during a crisis is critical.
 Review your communication strategies and where possible, draft message templates so you are prepared.
 If you have an in-house communications team, or a PR agency on retainer, meet with them and discuss strategies for a range of scenarios, not only those involving a cyber incident.

 If you don’t have a communications strategy, or access to skilled specialists, seek help and ensure you update your plans accordingly.

 Plans
 Plans come to life when they are actively used and response teams understand their roles and responsibilities. While plans won’t necessarily offer solutions for every type of incident, consider whether you can improve them based on the lessons you’ve learnt from this recent disruption.

 What to do now
 Ensure your plans are robust – for example, do you know how your team will come together and under what circumstances?
 Feed any lessons you have learnt from this disruption into your plan and circulate to all response team members.
 Run an exercise using a severe yet plausible scenario to test the plan and response team. Remember that a cyber incident response requires more than just an IT response.

 Supply chain assurances
 You may rely heavily on your suppliers to enable you to provide critical good and services. Or you may be a critical link for other organisations to ensure they can continue to operate. Understanding your supply chain dependencies is essential during disruption.

 What to do now
 Review your supply chain mapping and ensure understanding of dependencies.
 Consider your concentration risks – that is, do you rely on a supplier who also provides a critical service to many others? Are there alternative suppliers available and should you consider using them?
 Ensure contact details for your critical suppliers are up to date and consider your communication channels. How will you communicate with one another during a disruption?

 Insurances and costs
 Business interruption and cyber insurances can be helpful in managing the costs of an incident, however each policy will have specific terms.

 What to do now
 Review your policies and cover and determine whether they are sufficient for your organisation’s needs.
 Speak with your brokers to determine whether there might be better or more appropriate cover available.
 Ensure details of your policies are noted in your plans, and if there are specific requirements, make sure these are recorded as well. For example, you may need to notify your insurer of a cyber incident within a specific time frame for cover to be available.

 Scams
 This incident has reinforced the fact that scammers will use any available channel to mislead innocent victims. That victim could be your organisation, or your clients or customers.

 What to do now
 Ensure you are using approved channels of communication with suppliers to update systems.
 Communicate with your clients or customers to reiterate the way you will communicate with them, and remind them that you will not ask them to click on links or provide personal information.

 Conclusion
 The global outage demonstrates that organisations need to be prepared for any type of disruption. Exercising your teams and testing your plans means that you will have muscle memory for responding quickly and efficiently, even if the scenarios you’re testing aren’t exactly replicated in real life. Just considering how you could be impacted is a good start for any organisation.

 Also, thinking about how an incident such as this one will impact your supply chain helps your preparedness. While your organisation might not be directly impacted, your services might still be disrupted because of a key supplier issue. Many organisations may have not considered that significant players such as Microsoft and CrowdStrike could have caused global disruptions. The cost of lost business, and service disruption will bring business continuity and resilience into sharp focus for many organisations, particularly those who don’t have plans and practiced teams in place.

 For organisations which invoked their plans, regular, clear communication with stakeholders will have been key. The way you communicate during a crisis or disruption determines your reputation now and in the future.

Back to Index


Similar News to this Story

Actuarial Post Magazine Awards Winners Edition December 2024
Welcome to the Actuarial Post Awards 2024 winner’s edition and we hope you enjoy reading about their responses on having won their award. The awards
Guide to setting expense reserves under the new Funding Code
The new defined benefit (DB) funding code of practice (new Funding Code) requires all schemes to achieve funding levels that ensure low dependency on
Smooth(ing) Operator
Private equity can be a great asset. It’s generally the most significant way to have any real world impact as an investor (eg infrastructure assets li

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.