Skip to content


  • Add this article to your LinkedIn page
  • Add this article to your Twitter feed
  • Add this article to your Facebook page
  • Email this article
  • View or print a PDF of this page
  • Share further
  • Add this article to your Pinterest board
  • Add this article to your Google page
  • Share this article on Reddit
  • Share this article on StumbleUpon
  • Bookmark this page

Supporting your cyber security response through the COVID-19 pandemic and beyond

The response to the coronavirus pandemic has forced fundamental changes in our personal and professional lives. Ways of working have transformed quickly to maintain business operations through the crisis, and many organisations have adapted their operational priorities. This has put pressure on existing systems, accelerated delivery of planned systems and quickened procurement of new capabilities. All this is happening while on a crisis footing, forcing leaders to take risky decisions at pace.

This crisis response is changing the threat landscape of your organisation. The UK National Cyber Security Centre and US Department for Homeland Security report that, although there hasn’t been a significant increase in cybercrime, criminals are increasingly exploiting COVID-19 with incredibly effective techniques. To manage such new risks, you need to implement new controls and training, procure and integrate new systems securely, and adapt existing processes, such as incident response, to suit a largely remote workforce.

These are substantial actions that need to happen quickly, but there are steps CISOs can take to ensure their organisations emerge from this crisis with improved cyber security, ready to excel in the new reality.

Seven phases to a strong cyber security crisis response

We’ve used our extensive cyber security experience, such as helping T.Rowe Price prepare for times of crisis by safeguarding $1 trillion in assets, to create a comprehensive self-assessment that will help you ensure your cyber security is still robust. It considers the whole lifecycle of the crisis response, from the immediate reaction, through improving the integration of information security across your organisation, to identifying and pursuing the opportunities that emerge.

Below, we outline the seven phases of crisis response CISOs need to manage through. For a detailed version of the self-assessment or support managing your cyber security response to COVID-19, get in touch with our digital trust & cyber security team.

1.     Immediate cyber security response

This isn’t a cyber-centric crisis but CISOs have a vital role to play to limit and manage risk from the start. In the first phase, you need to know your role, influence decision-making where you can and capture risks to deal with later where you can’t.

2.     Cyber support to systems security

In the second phase, your focus will need to shift to securing systems that enable remote working, such as Cloud productivity services, VPNs and conferencing technologies.

3.     Cyber-savvy workforce

With most people working from home, there are new challenges in ensuring we all work securely. In the third phase, you’ll need to provide training and communications to help people do their part in protecting your organisation.

4.     Incident response

Information security incidents will happen. So, in phase four, explore whether your new ways of working mean you need to redesign your processes and rehearse them to ensure your organisation is ready to respond.

5.     Information security policies and risk management

Given the pace of change, phase five will require you to review your risks and information security policies, and proactively manage them. Capture any new good practices and prepare for the future.

6.     Continuing cyber transformation programmes

Before COVID-19, you’ll have had plans for various cyber transformation programmes. It’s important not to let them fall into irrelevance. So, in phase six, assess and reprioritise existing programmes make them relevant to your new operational priorities, risk posture and budget. Done right, this will help your business adapt quickly to the post-crisis future.

7.     Identifying opportunities and recovery to a new business as usual

This crisis will end, but we’ll never return to things as they were. So, learn from the changes we’re forced to make and identify opportunities to shape future operational priorities by looking at what’s worked well through this crisis.

The right cyber security response to COVID-19 will drive long-term benefits

Our self-assessment guides you in creating an immediate actionable plan. It also gives the scope to build a longer-term recovery plan and, eventually, a full cyber transformation programme to support your organisation’s new reality. For a detailed version of the self-assessment or support managing your cyber security response to COVID-19, get in touch using the details below.

By following through on the seven phases, your organisation will emerge from this crisis stronger than it was before. It will have better technology, better integrated security, a cyber-savvy workforce and an improved reputation as a trusted organisation.

For a detailed version of the self-assessment or support managing your cyber security response to COVID-19, get in touch with our digital trust & cyber security team.

Discover all our insights related to COVID-19

Find out more

Contact the author

Contact the digital trust and cyber security team

Adam Stringer

Adam Stringer

Cate Pye

Cate Pye

Elliot Rose

Elliot Rose

Justin Lowe

Justin Lowe


By using this website, you accept the use of cookies. For more information on how to manage cookies, please read our privacy policy.