FacebookFacebook icon TwitterTwitter icon LinkedInLinkedIn icon Email

Brain circuits

Four questions that will help you prepare for a cyberattack

IbyIMD+ Published 5 April 2022 in Brain circuits • 2 min read

Cyberattacks are part of the reality of doing business in today’s world, so any organization whether large or small  needs to have a plan in place in terms of how they will handle a security breach when it occurs.

There are certain key questions you should be asking right now to ensure you are prepared to act quickly when your systems are hacked. Here are four essential ones:

1. Have I trained all my employees?

Sometimes, the easiest way for a hacker to get in is simply to pose as someone from your organization – such as the IT department – and ask an employee for passwords. Make sure all employees are trained to be aware never to give out passwords, and never to click on something from an unknown source.

All it takes is one tired employee at home to be a little forgetful and accidentally click on a nefarious link. These kinds of social engineering attacks are used in more than 80% of the cyberattacks today, so it is rarely about highly sophisticated technical breaches.

Make sure everyone is aware that suspicious individuals, phone calls, e-mails, links and questions must always be treated with caution.

2. When and how will I tell my customers what happened?

Communicating clearly and quickly with customers about any sensitive information that has been breached is critical. You will need to determine who needs to know what and how to inform them. And the way this is handled can mean a lot for your company’s reputation.

For this reason, your communications team should have someone pre-designated to deal with a crisis, and a cyberattack in particular, so they are ready to advise the minute something goes wrong. If no one on your communications team has experience with this sort of incident, get them trained now.

3. Do I have a designated war team?

This is the team that will assemble to handle the attack. As previously mentioned, it should involve someone from communications and PR in addition to technical, security and legal advisors.

4. Does someone on my team have a point of contact with the GDPR or other relevant authorities?

Every country has some sort of data protection authority, and they have a lot of excellent advice to give. If your company is attacked and you tell them it is the first time that it has happened, they can give you points of contact for assistance.

While cyberattacks are something no company wants to deal with, they are a reality in today’s digital landscape. And the better prepared you are ahead of time, the smoother things will go when a breach occurs. 


Oyku Isik IMD

Öykü Işık

Professor of Digital Strategy and Cybersecurity at IMD

Öykü Işık is Professor of Digital Strategy and Cybersecurity at IMD, where she leads the Cybersecurity Risk and Strategy program. She is an expert on digital resilience and the ways in which disruptive technologies challenge our society and organizations. Named on the Thinkers50 Radar 2022 list of up-and-coming global thought leaders, she helps businesses to tackle cybersecurity, data privacy, and digital ethics challenges, and enables CEOs and other executives to understand these issues.


Learn Brain Circuits

Join us for daily exercises focusing on issues from team building to developing an actionable sustainability plan to personal development. Go on - they only take five minutes.
Read more 

Explore Leadership

What makes a great leader? Do you need charisma? How do you inspire your team? Our experts offer actionable insights through first-person narratives, behind-the-scenes interviews and The Help Desk.
Read more

Join Membership

Log in here to join in the conversation with the I by IMD community. Your subscription grants you access to the quarterly magazine plus daily articles, videos, podcasts and learning exercises.
Sign up

Log in or register to enjoy the full article

Explore first person business intelligence from top minds curated for a global executive audience