Consequences of a Cyber Security Incident

Interesting article in the AFR this week about the Colonial Pipeline cyber outage a week or so ago.

What’s interesting from my perspective is that this particular outage actually disrupted people who have never even dealt with Colonial Pipeline. It’s one thing to have your information stolen because the software company you use gets hacked (Facebook, Instagram, Salesforce – whatever) but this time people could not buy petrol because of the outage. Most of them probably have never even heard of Colonial Pipeline…

And Colonial are going to cop an absolute flogging from regulators and investors about the consequences of this outage and the impact on their outlook post recovery.

That’s the point from my earlier post – if your business was Colonial, what could the consequences be? And from those potential consequences, what should you do differently now to mitigate the chances of them happening?