Crisis management during a cyber attack

Crises are situations in which people reach the limits of their ability to act. A cyber-attack is an unimaginable crisis that can render the company completely incapable of action. Now the ability to act must be restored as quickly as possible. Crisis managers give the company the ability to make decisions and act again.


More than 40% of Swiss companies have been affected by cyber incidents. Attacks are carried out by a well-coordinated blackmail industry on all kinds of companies indiscriminately (and partially automated, therefore with huge numbers). Initially, so-called sleeper programs, for example, are set up in the IT systems for many weeks and the administrator rights are organized via the servers. Then the criminal organization strikes and encrypts all relevant IT systems within minutes, combined with a high ransom demand in Bitcoin.

It was precisely this attack that took place at a Swiss industrial company that supplies craftsmen and wholesalers with products and operates a service system on a daily basis. Suddenly, nothing worked, the building entrances remained locked, the telephones were out of order and the entire warehouse management system was out of order. Everything was immediately at a standstill.

This incident was a new and extraordinary event for the company and posed a threat to the entire organization. An immediate response was required to maintain the functionality and integrity of the organization. The company had literally slipped into a crisis “overnight” – and an operational crisis management concept did not exist.

What was done?

The inquiry reached us late in the evening and after a few hours an experienced crisis manager was available to the company. The first task was to enable the ad hoc crisis team to make a rapid assessment of the situation and thus ensure the strategic decision-making ability of the company and to enable the external Cyber Incident Response specialists, who were also called in, to work in the company. As the organization had not known any crisis organization until now (mere emergency plans are useless in such crisis situations), many managers had to get used to the management rhythm of the crisis team (several fixed, very structured management meetings per day).

Crises cause stress, crises do not stick to office hours. Executives who reached their physical limits after more than 48 hours of continuous work had to adhere to prescribed rest periods, etc. Part of the task was to ensure a regular flow of information, which made comprehensive and timely decision-making possible. Deliveries to customers were resumed within just a few days thanks to a rapidly established IT emergency system. After five weeks in crisis mode, the recovery activities were transferred to proper IT projects and the crisis team was dissolved.

The crisis manager was also available to the CEO over the entire period as a crisis coach and organized regular communication with the Board of Directors. This support gave the CEO the freedom to concentrate mainly on day-to-day business.

How can the company protect itself?

There is no 100% protection against cyber-attacks – even outsourcing IT does not protect. Expensive technical precautions can only provide information about an ongoing attack on the system. Only a suitably implemented competent and sovereign crisis organization guarantees the company’s strategic decision-making ability at all times – for self-protection in an emergency.

BEFORE the crisis

The expert supports the development of a crisis organization tailored to the company (concept, resource allocation, implementation, simulation, evaluation), which functions in an emergency and enables timely strategic decisions. Regular updates, checks and simulations are carried out to ensure that the concept is viable and effective in terms of sustainability.

During the crisis

If you do not have a powerful crisis organization, you can appoint one of our crisis-tested experts at short notice as a competent and sovereign head of the crisis team and coach of CEO and members of management.

AFTER the crisis

Shortly after a crisis, our expert’s moderate workshops to evaluate the crisis work (After Action Review). By means of “Lessons learnt”, the crisis organization can then be further improved and the management receives concrete recommendations for action that can be implemented.

The ideal time for a company manager to deal with the management of crises in the company is, of course, before the next crisis – in other words, right now.

Urs Tannò, Top Fifty – Switzerland

Share this article


the partner


Pierina Tannò

More insights