Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following. With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously. However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery! We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should take in the event of an incident. You’ll learn ·      Who are Epiq? ·      What does the current cyber incident landscape look like?  ·      What are the consequences if a business does not respond to a cyber incident effectively? ·      How can a business detect if they’re being attacked? ·      How should businesses respond in the event of a cyber incident? ·      What role does a legal team play in incident response?   Resources ·      Epiq ·      Isologyhub   In this episode, we talk about: [00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo. [02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how businesses should respond to a cyber incident. [03:00] Who are Epiq?  – Epic is a global leader in technology enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe. [04:35] What constitutes a cyber incident and why is it so important to respond effectively? – A cyber incident refers to unathorised access or attempted access to an organisation’s IT systems. Types of incident include breaches, malicious attacks (e.g. Ransomware), and accidental events (e.g. Fire Damage). Responding effectively is crucial to minimize damage and protect sensitive data. [05:40] What does the cyber incident landscape currently look like, and what challenges will organisations face in responding to an incident? : The cyber incident landscape is ever evolving, but here are some key trends we saw in 2023: Attacks on the rise – the number of organisations posted on ransomware and data theft sites increased by over 70% year-on-year. Business Email Compromise (BEC) incidents surged by 67% in 2023 – these events are where people within an organisation fall victim to phishing or similar – clicking on malicious links which ultimately compromise your mailbox. For me, there are 3 main challenges that organisations face when responding to a cyber incident: ·      Day-to-day management – balancing the technical aspects of the incident with broader business continuity, communications, financial and legal considerations. This can be hugely difficult for an organisation, during and already high stakes situation. ·      Expertise and support – navigating the complex legal, technical and operational aspects of an incident ·      Data-focused impact – understanding and assessing the risk to data after resolving an incident. [10:00] What are the solutions to these challenges?  – Understanding the various external expertise and support available to a business, whether that be engaging with a law firm, a cyber incident response expert and cyber insurer will give you access to support with both the day-to-day management of an incident, as well as the legal, operational and commercial impact of said incident.  [12:10] What are the consequences for an organsiation that does not respond effectively to a cyber incident? – : Failing to respond effectively to a cyber incident often leads to a variety of sever complications for a business, such as; ·      Operational Issues: operational disruptions will occur due to prolonged exposure of sensitiv