Incident Management: Be Resilient, Be Prepared

COVID-19 lessons reinforce the value of planning for cyber security incidents

Organisations that are well-prepared to respond to cyber security incidents will save money and be more agile when responding to a crisis, according to the National Cyber Security Centre (NCSC).

Releasing a resource [PDF, 3.1 MB] to help organisations plan and prepare for cyber security incidents, the Director of the Government Communications Security Bureau’s NCSC, Hamish Beaton, says New Zealand studies on the cost of cyber incidents and the NCSC’s observations in light of the COVID-19 response reinforce the value of being prepared.

“Earlier this year, the Reserve Bank estimated that the expected costs of cyber incidents for the banking and insurance industries in New Zealand is between NZ$80m and NZ$134m annually(external link). This finding is reinforced by ongoing international studies that suggest the average cost of a significant incident is US$3.9 million(external link), and that this cost could be substantially reduced if organisations thoroughly planned and prepared for cyber incidents.

“We also know from our observations of the response to COVID-19 that organisations with an ingrained culture of cyber resilience were able to be more agile when implementing systems to address the security challenges associated with the rapid move to remote working.

“These lessons have informed the development of a resource the NCSC has produced [PDF, 3.1 MB] to help New Zealand organisations be better prepared to respond to cyber security events,” Mr Beaton said.

“Another aspect of preparedness is knowing what is going on in your networks. While most organisations apply a range of defensive measures to protect their systems, cyber security risk cannot be managed by preventative measures alone. Good frameworks recognise this and highlight the importance of detection and response as fundamental to resilience.

“Our experience in supporting incident response shows that early detection and access to effective logging can make a significant difference in the time taken to identify and remediate an incident.

“Effective response is about more than just what you do when an incident occurs; it is about having systems in place, constantly reviewing and updating your approach, and ensuring you learn from experience – whether that is a significant incident or a near miss.”

Mr Beaton says the NCSC’s guide identifies the fundamental first steps to establishing an incident management capability. “We have created this resource to support executives and business leaders in assessing preparedness to respond to an incident, and to prompt discussion with technical and security leaders that will help increase the overall cyber security resilience of New Zealand organisations.”

Download Incident Management: Be Resilient, Be Prepared [PDF, 3.1 MB]

Media contact: