Nearly 60% of businesses that are impacted by a cyber incident go out of business within the 6 months following.
With our heavy reliance on technology to keep both businesses and services running, it’s imperative that everyone take cyber risk seriously.
However, incidents will inevitably happen and it’s up to you to ensure that your business is prepared to ride out the wave, and hopefully make a full recovery!
We invited Jack Morris, Account Director at Epiq, back onto the show to discuss the consequences of not being prepared for a cyber incident and the key steps businesses should take in the event of an incident.
You’ll learn
- Who are Epiq?
- What does the current cyber incident landscape look like?
- What are the consequences if a business does not respond to a cyber incident effectively?
- How can a business detect if they’re being attacked?
- How should businesses respond in the event of a cyber incident?
- What role does a legal team play in incident response?
Resources
In this episode, we talk about:
[00:30] Join the isologyhub – To get access to a suite of ISO related tools, training and templates. Simply head on over to isologyhub.com to either sign-up or book a demo.
[02:05] Episode summary: Today Mel is joined by guest Jack Morris, Account Director at Epiq, to discuss how businesses should respond to a cyber incident.
[03:00] Who are Epiq? – Epiq is a global leader in technology-enabled legal services. In fact, it supports 90% of the top law firms globally! With over 8000 employees spread over 19 countries, it helps to support corporations, law firms and government agencies across the globe.
[04:35] What constitutes a cyber incident and why is it so important to respond effectively? – A cyber incident refers to unauthorised access or attempted access to an organisation’s IT systems. Types of incident include breaches, malicious attacks (e.g. Ransomware), and accidental events (e.g. Fire Damage). Responding effectively is crucial to minimise damage and protect sensitive data.
[05:40] What does the cyber incident landscape currently look like, and what challenges will organisations face in responding to an incident? – The cyber incident landscape is ever evolving, but here are some key trends we saw in 2023:
Attacks on the rise – the number of organisations posted on ransomware and data theft sites increased by over 70% year-on-year.
Business Email Compromise (BEC) incidents surged by 67% in 2023 – these events are where people within an organisation fall victim to phishing or similar – clicking on malicious links which ultimately compromise your mailbox.
For me, there are 3 main challenges that organisations face when responding to a cyber incident:
- Day-to-day management – balancing the technical aspects of the incident with broader business continuity, communications, financial and legal considerations. This can be hugely difficult for an organisation during an already high-stakes situation.
- Expertise and support – navigating the complex legal, technical and operational aspects of an incident.
- Data-focused impact – understanding and assessing the risk to data after resolving an incident.
[10:00] What are the solutions to these challenges? – Understanding the various external expertise and support available to a business, whether that be engaging with a law firm, a cyber incident response expert or a cyber insurer, will give you access to support with both the day-to-day management of an incident and the legal, operational and commercial impact of said incident.
[12:10] What are the consequences for an organisation that does not respond effectively to a cyber incident? – Failing to respond effectively to a cyber incident often leads to a variety of severe complications for a business, such as:
- Operational Issues: operational disruptions will occur due to prolonged exposure of sensitive information, and if Ransomware has infected systems, the organisation will not have access to potentially crucial business information. Financial losses and higher incident response costs can come as a result of poor planning.
- Additional Data Breaches: if an organisation doesn’t respond effectively to a cyber incident by taking steps to regain control of its systems, additional data breaches can occur from threat actors gaining further access to the organisation’s systems.
- Financial Losses: cyber incidents affect a business’ bottom line. Costs include incident investigations, recovery, legal fees and potential fines. Further, knock-on effects such as lost business opportunities and damaged investor confidence come from poorly managed cyber incidents.
- Damage to Reputation and Trust: public perception matters for a business. A poorly handled cyber incident damages an organisation’s reputation. Customers, partners and stakeholders lose trust, affecting long-term relationships and market position.
- Legal Consequences: regulatory fines and potential follow-on litigation arise from non-compliance with data protection laws. Organisations failing to report breaches promptly face penalties. Legal battles can be costly and time consuming.
[16:25] How can organisations detect if they are being attacked? – Signs will vary depending on the type of cyber incident, but slow systems, locked accounts (no access to mailboxes etc.), inability to access documents or shared drives, ransom demands and unusual emails from organisation domains are all tell-tale signs of a cyber incident that organisations and end users could expect to experience. If an organisation has invested in Managed Detection and Response software for its end-points, this will proactively scan your environment and provide alerts to potential and actual cyber incidents.
[17:40] What are the key steps an organisation must take in responding to a cyber incident? – It’s a great question, and these key steps will be set out in a cyber incident response plan – an impacted organisation should:
- Triage: Assess the severity and impact of an incident (organisations can instruct a first response organization to shut the doors, and assess the damage)
- Identify: Understand what is happening to the business post-incident: things like locked accounts, no access to business systems etc.
- Resolve: take technical actions to mitigate the incident – shutting off access to accounts – closing the door.
- Report: Notify relevant stakeholders, including legal obligations.
- Learn: analyse the incident to then take retrospective action to prevent further incidents.
[21:23] Join the isologyhub – Don’t miss out on a suite of over 200 ISO tools, templates and training; sign up to become a member of the isologyhub.
[23:48] How does Cyber Insurance play a pivotal role in Cyber Incident Response? – As in most walks of life, insurance plays a crucial role in supporting organisations in effectively responding to disasters.
- Response Funding: Insurers cover costs related to incident response, including professional services.
- Response Time: Insurers bring in experts promptly, improving incident resolution.
- Affordability: For small to medium businesses, insurance may be the only way to afford a response team.
[26:10] What role do vendors like Epiq play in supporting the incident response lifecycle? – Just like law firms providing legal advice and support in responding to a cyber incident, cyber incident response providers support with the operational response to a cyber incident.
Initially, vendors like Epiq support with the incident identification and forensic investigations. Essentially finding the open door and closing it.
Further investigation on how the threat actor (baddie) got into the open door is conducted to prevent other doors from opening too.
Following this, the operational partner will support in understanding the extent of the incident, whether that be identifying impacted entities, notifying them of the incident and providing remediation, as well as supporting with any follow on litigation or mass claim.
[27:25] What are the legal obligations that exist after a cyber incident, especially in relation to personal data breaches? – The legal obligations are clear – an organisation must report personal data breaches within 72 hours of awareness, unless the risk to individuals’ rights is unlikely. This quick turnaround is why it’s imperative that organisations have an established cyber incident response plan, and know who they should be talking to regarding the legal and operational implications.
[28:45] What support is there out there for organisations that are victim to a cyber incident? – On the previous episode, we discussed what organisations can do to be proactive in mitigating the risks associated with a cyber incident. We discussed the importance of Cyber Incident Response plans, as they outline what external support an organisation should seek in the event of an incident.
Having playbooks and relationships with law firms, cyber providers like Epiq, and cyber insurance coverage are 3 key focuses for every business.
[30:35] What role does a legal team play in incident response? – Legal support and advice is critical during an incident. As mentioned, they will help support with reporting the incident to the regulatory bodies required.
- Breach Notification – legal support ensures compliance with data breach disclosure laws and regulatory requirements.
- Breach Counsel – law firms act as a breach counsel for organisations, enabling them to support and advise on the legal implications of a cyber incident. Most law firm cyber practice groups will have relationships with external vendors, like Epiq, to support with the operational response. They can co-ordinate with these external vendors to ensure compliance.
- Privacy Law Compliance – they guide handling of personal data and privacy implications to ensure no further issues.
[36:00] What should an organisation do in future to prevent further incidents? – Benjamin Franklin’s famous quote is so true here – ‘by failing to prepare, you are preparing to fail’.
The key point here is to learn from your mistakes. There may have been numerous reasons that the organisation wasn’t ready for a cyber incident, but they should learn from what led to the incident previously, and proactively address this to prevent further incidents. 67% of organisations that get hit by a cyber incident are subject to further attacks within 1 year. It’s important to reduce your attack surface, and ensure you have cyber security themes running throughout the business.
[37:45] What are Jack’s top 3 tips to take away from this session to help listeners respond effectively to an incident? –
- Establish an Incident Response Plan – we spoke through IR plans during the first episode, but creating a plan that outlines roles, responsibilities and communication channels during an incident is key. Once implemented, regularly testing the plan and simulating these incidents is key to ensuring effective response.
- Engage external experts early – during this session we identified 3 critical external support pillars to an incident – having legal advice, operational and response support and insurance is key.
- Prioritise business continuity – enabling the external experts to support you through the incident will free your bandwidth to ensure that you minimise damage and downtime to your business.
If you’d like to learn more about Epiq and how they can help you, visit their website.
If you’d like to book a demo for the isologyhub, simply contact us and we’d be happy to give you a tour.
We’d love to hear your views and comments about the ISO Show, here’s how:
- Share the ISO Show on Twitter or Linkedin
- Leave an honest review on iTunes or Soundcloud. Your ratings and reviews really help and we read each one.
Subscribe to keep up-to-date with our latest episodes:
Stitcher | Spotify | YouTube | iTunes | Soundcloud | Mailing List
Steve Mason is a Senior Consultant at Blackmores (UK) Ltd, and has a 100% success rate of supporting clients in achieving their ISO 9001 & ISO 27001 certifications on their first time.
With over 38 years of experience working with standards, Steve is incredibly knowledgeable about how to ensure companies get the best benefits when implementing new standards. Steve has never stopped advancing himself and continues to broaden his knowledge of new standards as they come into existence.
Today, Steve is back to discuss the new ISO 27017 (Information Security Controls for Cloud Services Standard), and why it is needed in addition to ISO 27001.
The current publication of ISO 27001 was released back in 2013 before cloud security was as big of a concern. Due to this, it does not adequately cover cloud security and hence the new standard ISO 27017 was released.
It is wise not to assume that the cloud is secure on its own; you need a provider that can demonstrate protection from hacking and guarantee you security.
The standard brings 7 new controls:
- 6.3.1 Shared roles and responsibilities within a cloud computing environment
- 8.1.5 Removal of cloud service customer assets
- 9.5.1 Segregation in virtual computing environments
- 9.5.2 Virtual machine hardening
- 12.1.5 Administrator’s operational security
- 12.4.5 Monitoring of cloud services
- 13.1.4 Alignment of security management for virtual and physical networks
In this episode, Steve talks through some of these new controls, explains why they’re so important, and describes who can benefit from implementing this new standard.
You’ll learn
- How the standard works for both customers and providers.
- How ISO 27017 works as a unique selling point for businesses.
- The new controls and how they demonstrate security within the cloud.
- The benefits of adopting ISO 27017.
- How doing a gap analysis can help you to understand what cloud controls you already have in place.
Resources
In this episode, we talk about:
[01:30] Why it’s important to have a standard for cloud security when we already have ISO 27001.
[02:46] The type of new controls and how they make the standard ‘cloud effective’.
[05:37] Some examples of the new controls.
[07:20] The prerequisites you need before implementing ISO 27017.
[08:37] The type of certificate you get with ISO 27017.
[10:22] How ISO 27017 can set companies apart from their competitors.
[11:03] What the future for ISO 27001 and ISO 27017 looks like.
[13:03] Advice for anyone thinking of implementing the standard.
[14:20] The main benefits there are from implementing ISO 27017.
If you need assistance with implementing ISO 27017 – Contact us!
Today, Steve is here to discuss ISO 27701 (Data Privacy), and why it’s so important to have in order to prove you are GDPR compliant.
Since the new European Data Privacy Laws were introduced in May 2018 there have been over 150,000 personal data breaches within Europe, and the estimated total of GDPR fines total a little over 220 million euros.
Steve explains why GDPR is so important, how companies can avoid having data breaches, and what makes ISO 27701 different from previous standards.
You’ll learn
- How ISO 27701 can help companies demonstrate compliance with the requirements of GDPR.
- The ways ISO 27701 is different from ISO 27001 and why you need both standards.
- Who you can share PII with while still maintaining GDPR compliance.
- The correlations ISO 27701 has with ISO 27002.
- The potential impact implementing ISO 27701 can have.
Resources
In this episode, we talk about:
[00:29] The big personal data breaches that have happened in the last 2 years, and the fines the companies received for not being compliant with the data protection laws.
[04:11] Why we have General Data Protection Regulations and what they are there to protect.
[06:36] What ISO 27701 is and how it helps companies be GDPR compliant.
[09:26] What PII (Personally Identifiable Information) is.
[11:41] An overview of ISO 27701 and what its main clauses are.
[14:04] What the two control sets of the standard are and what the difference between a data controller and a data processor is.
[17:20] How this standard helps companies know what needs to be put in place to be GDPR compliant.
[18:51] What makes ISO 27701 better than BS 10012 and why it will eventually completely replace it.
[22:14] What you already need in place to get ISO 27701 certified.
[24:10] The main benefits companies gain from implementing this standard.
If you need assistance with implementing ISO 27701 – Contact us!