The number of cyber-attacks has been on the rise in recent years.
In most cases, organizations fail during a breach because they were not prepared for it. Crisis management teams are often disorganized and lack clear direction, which leads to poor incident response and management. In this blog post, we will discuss why these issues arise and how you can prepare your organization to prevent them!
Not Having Clearly Defined Crisis Team Roles and Responsibilities
When a cyber-breach occurs, the proper crisis management team members must be involved. Without clearly defined roles and responsibilities for these individuals, there can be confusion during an attack about who should be managing different aspects of the situation. This results in delayed response times to what could have been handled quickly had everyone known their place on the team!
Some things you should be considering include: making sure all team members know their roles in advance; having detailed incident response documentation ready; knowing where to find this information quickly when needed; and understanding legal considerations (e.g., what data needs to be protected according to HIPAA regulations). What other tips do you have? How would you approach preparing your organization for attacks like ransomware or phishing schemes?
Not Communicating with Customers & Stakeholders
Lack of communication is one of the most common mistakes made by organizations during a cyber incident. During incidents where classified information has been breached, companies often delay disclosing this information or provide vague details, which leaves customers feeling confused or even betrayed. Organizations need to communicate early and often with all stakeholders during a cyber-attack, even if the situation is still under investigation.
Communicating With Employees is Not a Priority During Cyber-Attacks
In certain situations, communication with employees is not a priority during cyber-attacks. For example, organizations may decide that they need to shut down network access and thus do not want workers checking their emails or accessing the internet at all (to prevent further damage). This can cause even greater confusion among customers who cannot contact anyone to ask questions about the situation.
Not Making Data Breach Notification Obligations & Laws Part of Your Crisis Management Protocols
Data breach notification laws vary across different regions and countries; however, you should expect your organization to be aware of these regulations as part of its crisis management protocols. When an attack results in compromised data, it is critical that companies quickly notify the individuals impacted by the incident so they can take steps to protect themselves.
Every organization is different and therefore will approach breach notifications in a slightly different manner; however, you should expect your team to understand how the law applies within their jurisdiction as well as what steps they must take if/when it becomes required by local laws.
For example: does your company need to notify customers of an incident immediately, or can this information be delayed for some time? Should certain people on the crisis management team (e.g., legal counsel) be involved with all notification-related decisions? What happens when a third party such as a credit reporting agency also requires that customers be notified about an attack? These types of questions should be discussed early on so that employees know exactly how to handle them during specific attacks.
Not Conducting Cyber-Security Simulation Exercises
Cyber-security simulation exercises are critical for crisis management teams to practice responding to cyber-attacks. These types of simulations allow team members who will be involved in the response process (e.g., legal, PR, IT) to work together and create strategies before an attack occurs so that they can properly respond when it does happen. During these exercises, you want your employees to work closely with each other while also providing feedback at key points about what is or is not going well within different parts of the organization’s response process!
Related: PX Podcast – Cybersecurity Simulation Exercises an Interview with Heather Engel
Conclusion
As you can see, there are many reasons why organizations fail during cyber-attacks. This is not an exhaustive list, but it does cover some of the most common mistakes made by crisis management teams when responding to these types of incidents. By working together and practicing how your company will respond, everyone involved in this process (e.g., legal counsel) can help reduce or eliminate the chance of falling victim to ransomware attacks like the recent attack on Colonial Pipeline, which led to fuel shortages at multiple airports, causing American Airlines to temporarily change flight schedules.
There are many other ways that organizations fail during cyber-attacks. How does your organization prepare for these situations?