Management Consulting

Aon

Full Credential Description

In 2017, DLA Piper experienced a significant challenge when it fell victim to the NotPetya ransomware attack. Despite having established incident response and crisis management plans, the firm faced overwhelming difficulties, including a complete loss of email, telephony, finance, and HR systems. This left the organization relying solely on mobile phones without email access, highlighting the inadequacy of their preparedness for such a severe cyber incident.

Andrew Darwin, the firm’s global co-chairman and senior partner, emphasized the necessity of flexibility in crisis-response plans, as the situation was constantly evolving. He noted that while simulations were conducted prior to the incident, the actual human response during a crisis was unpredictable and required organizations to adapt their strategies accordingly. A critical lesson learned was the importance of having cyber response advisors who are familiar with the business and its leadership before a crisis occurs. These advisors can provide structure and rhythm to the response, which is crucial during chaotic situations.

As a result of the cyber-attack, DLA Piper emerged as a more resilient organization. Darwin advised other firms to recognize that cyber incidents are inevitable and to prepare accordingly. He stressed that every business should operate under the assumption that a cyber-attack could happen to them, reinforcing the need for comprehensive cyber risk management strategies.

The case study also contrasts the responses of two organizations to cyber incidents: TalkTalk and Norsk Hydro. TalkTalk's response was characterized by a fractured and incoherent approach, leading to significant financial losses and a lack of understanding of the attack's scale. In contrast, Norsk Hydro implemented a clear and effective response plan, utilizing daily webcasts and social media to communicate with stakeholders and refusing to pay the ransom. This proactive approach allowed Norsk Hydro to limit financial damage and maintain transparency during the crisis.

Overall, the experiences of DLA Piper and the contrasting responses of TalkTalk and Norsk Hydro underscore the critical importance of preparedness and a robust response plan in mitigating the impacts of cyber-attacks.