The Legal Services Information Sharing and Analysis Organization (LS-ISAO) has created a new member-led group called the Cyber Incident Response Committee (CIRC).
The group has been formed to create playbooks, determine best practices and if needed, guide impacted law firms through mitigation and recovery after a cybersecurity intrusion. As an advisory group for member firms experiencing cyber incidents, the newly formed CIRC develops and shares incident response guidance based on its committee members’ experience and security knowledge.
Engaging impacted members and working with the LS-ISAO community as a whole, it will seek to improve preparedness and minimise the impact from malicious threat actors. The CIRC is currently developing an incident response playbook, to address both executive level and technical staff responsibilities during a crisis. A CIRC-developed repository of documents and practices will also be available to LS-ISAO community members in the community document library.
The cost and impact of a cyber attack
According to IBM, the average cost of a data breach has risen to $4.24 million in 2021, with the average cost of a ransomware breach at $4.62 million and business email compromise at $5.01 million.
Not only can a cyberattack cost businesses substantial financial loss, but it can also have other costs - such as reputational damage and loss of customer trust. Trust is an essential part of customer relationships. Cyber attacks can damage your business' reputation and erode the trust your customers have for you. This, in turn, could potentially lead to, loss of customers, loss of sales, and reduction in profits.
The effect of reputational damage can even impact your suppliers, or affect relationships you may have with partners, investors and other third parties vested in your business.
“Providing guidance and support to fellow members is an ongoing activity in the community,” said Bill Nelson, Chair and CEO of LS-ISAO parent company Global Resilience Federation. “Leading members decided that a more formal approach to incident response planning, with extensive documentation, could assist fellow members and fill the gap between our prevention activities and what we’re sharing for post-incident recovery; the CIRC’s activities are geared to crisis management.”