Assessing IT Incident Communication Readiness
This month, we continue to highlight industry trends, unique use cases and best practices around IT incident communications. Given the prevalence of cyber attacks–including more frequent data breaches and larger scale, coordinated attacks–it’s timely to revisit some of the techniques and strategies we have covered in previous posts.
Last year, we provided some insight around the keys to effective IT incident management. Since our sweet spot at Everbridge is critical communications, it’s important to highlight all of the elements that an organization needs to implement to ensure they are ready to respond, communicate and act following a security breach, outage or disruption. This goes for your IT operations team, your employees who rely on a functional IT environment to get their job done, your executives and your customers.
Let’s take another look at a previous post. After all, it’s an unpredictable world we live in, and IT vulnerabilities have only increased in subsequent months.
IT incidents cost organizations millions of dollars in hard costs, not to mention hidden, but still significant, costs like erosion of customer trust and loss of employee productivity. The Ponemon Institute, an organization that conducts independent research on privacy, data protection and information security policy, estimated that it cost US businesses $5.4 million on average per data breach incident in 2012. And these IT breaches are increasingly common. Worse, companies continue to come under fire in the media, and in public, because of their failure to alert users in a timely manner following the attack.
In addition to cyber security concerns, Ponemon also noted that 91% of US data centers have experienced an unplanned outage in the past 24 months. And these outages are expensive. The organization found the average duration of data center outages for global organizations was 86 minutes between 2010 and 2012, at an average cost of $7,900 per minute. And only 38 percent of organizations surveyed by Ponemon said they have adequate resources to keep their data centers running if an unplanned event occurred.
All of this makes the need for a well-prepared and executed total incident management plan not just a nice-to-have in today’s business climate, but a must-have.
An effective IT incident management plan enables a company to control an incident (and foster customer goodwill), rather than have the incident control it. In addition to managing incident response, a key part of managing both expected and hidden costs is managing the critical communication surrounding an incident. Faster awareness of the situation and faster collaboration to identify the source and solution for problems, ultimately leads to faster resolution of incidents. Faster resolution leads to faster external communication, too.
There are four key areas that determine an organization’s readiness to manage an incident, and its expected and unexpected costs:
- Preparation and planning (e.g., are procedures in place to communicate with clients, employees, executives, families, media representatives and other stakeholders before, during and after an incident?)
- Assessment (e.g., are communication plans and incident procedure tutorials provided to clients, employees and other stakeholders?)
- Response (e.g., during an incident, what contact methods would be used to get messages to stakeholders? Can you ensure that key contacts can be reached quickly, at all times?)
- Delivery (e.g., have you established methods for assessing the overall effectiveness of your critical communication processes and systems after an event?)
To learn more best practices around mitigating the damages from an IT incident, download the Everbridge white paper, “The Hidden Cost of Business Interruptions: How Total IT Incident Management Can Save Your Business.” The paper explains how to understand the total cost of incidents, how “hidden” costs can impact your business, and how total incident management can help you prepare for and better manage IT incidents in the future.
Both the expected and unexpected costs of an incident will increase if an organization can’t respond to an event appropriately. These critical communication best practices will help companies mitigate these costs and be better prepared, make better decisions, and respond more quickly and confidently during disruptive, er, daunting and critical, IT events.