Porter Novelli (team pictured) has bolstered its cyber incident response offering with a new data breach simulation model.
The is being used with executive teams and boards, to test existing plans against a realistic and escalating scenario.
The company said it has honed its response models in partnership with forensic firms, legal partners and insurers over five years and its new mode and was available to run as a half-day simulation with executive media training for clients across the financial services, retail and education sectors over the past three months.
Porter Novelli Australia chief executive officer, Rhys Ryan said many companies that experience real reputation problems following a data breach were simply not prepared.
“We are called in for particularly difficult incidents, not run-of-the-mill data breaches. What we see over and over are organisations whose leaders simply did not anticipate the challenge of communicating simultaneously with hundreds of thousands of people, often in an environment where they can’t use the normal tools of communications because of the incident itself,” Ryan said.
“Since the Notifiable Data Breaches scheme was introduced almost five years ago, we have responded to scores of these incidents. In some cases, you find out you’ve had a data breach at the same time as everybody else, which is tough if you’re a listed or government entity. This is happening more often because the threat actors have markedly improved their targeting over time.”
“In that scenario, having a specific data breach response plan and regular simulations puts you lightyears ahead. At this point, it is really a matter of good governance.”
“Our model is designed to find gaps in clients’ plans, and to test their executive teams’ response before they’re in a live breach simulation. We create a series of scenarios that are realistic, but also test against a worst-case scenario to ensure our clients are fully prepared when the inevitable occurs,” Ryan said.
“No one has less time than the executive who has just been informed of a data breach,” Ryan said.
“Consumer, stakeholder and regulatory expectations on how corporations respond to a cyber incident are specific and evolving, which means that relying on existing Crisis Management Plans will no longer suffice. Great response requires good preparation, so we have developed a simulation product to build on our long-standing experience in reputation management and data breach response.”