Cyber attacks have a significant business impact, with the potential to escalate into crises if poorly managed. A recurring pattern is strategic dilemmas that cannot be resolved satisfactorily. Some dilemmas are more pronounced, others less so, and therefore often catch decision-makers unprepared, leaving only bad options for decision-making. Something that all dilemmas have in common is that the associated decisions can have a lasting impact on relationships with stakeholders. This paper introduces four recurring dilemmas; shows the typical considerations; lists options for mitigating these dilemmas; and describes the basic requirements for implementing mitigations. The dilemmas and options, in turn, are rooted in the organisation-specific design of: cyber security incident management and response; IT service continuity and disaster recovery management; business continuity management; and crisis management and communication.
Read full abstract