Leading through a cyber attack: Learning from crisis

Cyber attacks can be devastating for any organisation. They can take down systems, block access to critical data and compromise sensitive information. The road to recovery is often long and challenging, impacting both professional and personal lives. From my experience leading recovery and data protection responses in a local authority during a major cyber attack, I’ve learnt valuable lessons about teamwork, leadership and resilience.

Here are some key takeaways for effectively managing a cyber crisis, which can be applied to any organisation, whether in the private or public sector.

During a cyber attack, leaders must establish and sustain calm and focus across the organisation; now, more than ever, teams will be looking to their leaders for assurance. Effective leadership requires:

• Transparency: Be upfront about the situation, even when the future is uncertain. This builds trust and keeps the team aligned.

• Bold decision-making: Make tactical decisions confidently, even under pressure. Use the crisis as an opportunity to accelerate strategic changes that were already in motion.

• Clear prioritisation: Establish guiding principles for recovery, focusing on the most critical needs first. This enables decisive, collaborative work, allowing your teams to act quickly with confidence – making the right calls and knowing when to seek guidance.

In times of crisis, communication is crucial – being honest about the unknowns will help you establish and maintain trust. Working openly involves:

• Sharing knowledge: Talk openly about challenges and progress. This allows for shared learning and collaborative problem-solving.

• Regular updates: Provide consistent communication through internal channels, keeping everyone informed and reducing uncertainty.

• External transparency: Where appropriate, share lessons learned externally to contribute to industry-wide resilience.

• Communicate with confidence: You will need to protect some information, but try to minimise complexity so your teams don’t lose trust.

The foundation of a strong recovery is a capable team that supports one another, measuring success through shared outcomes rather than competition or in-fighting. This includes:

• Skills and attitude: Having a team with the right mix of technical skills and a proactive, problem-solving attitude.

• Trust and collaboration: Fostering a culture of trust and mutual support, both professionally and personally. This creates a resilient and cohesive team dynamic.

• Empowering the team: Giving team members the autonomy to make decisions within clear strategic guidelines, enabling agile responses.

Building capable teams is work that needs to be done before you have a crisis. Prioritise team dynamics, culture and ways of working just as much as skills and knowledge. How you respond to this crisis will have lasting effects on workers' trust and organisational culture, extending well beyond the crisis itself.

The intense pressure of crisis management can lead to burnout. Take deliberate steps to prevent this:

• Make well-being a priority: Recognise the importance of mental and emotional health from the start. Check in on your team’s health regularly – and make it visible that you’re doing that.

• Set boundaries: Establish clear boundaries to maintain a sustainable work pace. Model this yourself.

• Create support systems: Encourage open discussions about stress and coping strategies, fostering a supportive environment.

• Embed in culture: These principles should be part of everyday team culture, not just during crises.

While no organisation is immune to cyber threats, resilience can mitigate the impact. Key strategies to adopt, before a cyber attack actually takes place, include:

• Proactive investment: Invest in cybersecurity measures, including cloud solutions and a ‘zero trust’ security model.

• Crisis preparedness: Have a comprehensive incident response plan and conduct regular drills to ensure readiness.

• Digital transformation: Use the opportunity to modernise systems and adopt more resilient digital infrastructure. Recovery will be time-consuming and expensive, so ensure your efforts drive progress.

• Continuous improvement: Learn from each incident to improve cybersecurity posture and recovery processes.

Recovering from a cyber attack is not about heroic individuals; it’s about effective teamwork. This means:

• Collective responsibility: Embrace the idea that recovery is a shared responsibility, with no single hero.

• Everyday resilience: Build resilience into daily operations, leadership and team culture. This ensures the team can function under pressure when needed.

• Learning culture: Treat the crisis as a learning experience for everyone – including senior leaders – to better understand how digital and technology enable their service delivery. Continuously reflect on what worked well and what needs improvement.