Why crisis management matters more than ever in the post-GDPR world

May 9, 2019 by Alex Johnson


The one-year anniversary of the introduction of the GDPR directive is fast approaching. More than €55m in fines have been issued (with Google accounting for almost all of that) and more than 200,000 cases have been reported. But where does GDPR leave us from a crisis management perspective?

For a start, if cyber-crime wasn’t on the radar of most senior management before GDPR’s introduction, it is now. With a real threat of financial penalties, as well as public exposure, no one wants to be the organisation that failed to see a breach or attack coming and prepare accordingly. And that, for me, is where the crux of successful cyber crisis management lies.

The public have become somewhat blasé about reports of data being compromised or lost, but have little tolerance for sub-standard handling of the situation (Equifax, anyone?).

Organisations are being judged, not on the incident itself, but on how they choose to respond:

· Is the organisation honest and transparent – has it detailed who has been impacted and how? While it can be difficult to know this in the early stages of a breach, regular and ongoing communication with customers is vital. No one wants to be kept in the dark.

· Is the organisation demonstrating control/ownership of the situation? Obtaining facts in any crisis is difficult – perhaps even more so in a cyber incident where, for many, how and what happened never becomes clear. However, a lack of facts shouldn’t stop an organisation providing positive and actionable advice to those impacted (such as Marriott’s package of support after its breach) and thereby demonstrating a desire to get the situation under control.

· Did the organisation prepare appropriately? It’s naive and reckless for an organisation to assume it is bulletproof when it comes to cyber-attacks. Organisations need to plan for the worst and be ready to put these plans into action.

· Does it demonstrate empathy? While showing compassion feels an easier ‘fit’ when there is a tangible human cost, it is nevertheless still important in these types of situation. We are a cyber-reliant society. Much of our lives and livelihoods are tied up in the cloud, in pixels and servers. Failing to recognise this shows an organisation that is out of touch with its customers.

The cyber threat is unlikely to go away any time soon, but organisations can mitigate this threat by planning a response, should the worst happen, that is values-driven rather than operationally driven.


