PlanB Consulting

Marks out of 100 for Easyjet’s Cyber Incident Response

Charlie scores Easyjet’s response to their recent cyber attack out of 100.

“Thankfully, we now live in a world where it is accepted that data breaches happen, and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how well they manage a breach.” Brian Honan in Computer Weekly

I thought this week it would be good to look at a non-coronavirus incident, as many have been saying for a while, just because we are in the middle of a pandemic it doesn’t mean that other incidents don’t occur. There have been articles in various newspapers saying that with organisations distracted and many staff working from home, criminals are using the opportunity to launch cyber-attacks and online scams. An example of these attacks has been the ransomware attack by REvil on Grubman Shire Meiselas & Sacks, which is aimed at extorting money by locking out their files and then threatening to release client information if a large ransom is not paid.

I have an interest in cyber reputation communications management as I like to keep my Managing and Preparing for Cyber Incidents Course up to date. I also find it fascinating how different organisations respond to cyber incidents and how organisations make the same basic mistakes again and again when responding. The easyJet cyber-attack caught my eye as it was a distraction in the news from COVID-19, but also as I am a customer and use their flights it is a company, I am familiar with.

I thought I would develop my first draft of a quantitative assessment of easyJet’s response. The assessment is not yet, I suspect, the final version, but by trying it against an incident there is the opportunity to refine it. If this works, I intend to assess other responses in future bulletins to see if there are patterns which organisations do well and those they do not do so well.

Any comments on the process, criteria and weighting are gratefully received.

Table 1 – Quantitative assessment of Easyjet’s cyber response, 22 May 2020

You can find easyJet’s Q&As here.

About Charlie Maclean-Bristol

Charlie Maclean-Bristol is one of the Founders and Directors of PlanB Consulting. He is also the Training Director of Business Continuity Training Ltd., a UK-based training provider accredited by the Business Continuity Institute. Charlie is a former Business Continuity Institute board member and one of the very few Fellows of both the Emergency Planning Society and the Business Continuity Institute.

A former Infantry Captain in the British Army, Charlie held several emergency planning, business continuity and crisis management positions within the energy and utility industry before founding PlanB Consulting in 2007. Over the past twelve years, Charlie has delivered business continuity consultancy in 6 of the worlds 7 continents, frequently providing full business continuity roll-outs to organisations of all sizes and in all sectors.

Scroll to Top