{"id":232164,"date":"2026-06-29T08:30:23","date_gmt":"2026-06-29T08:30:23","guid":{"rendered":"https:\/\/www.intrinsec.com\/?p=232164"},"modified":"2026-06-29T08:30:24","modified_gmt":"2026-06-29T08:30:24","slug":"gestion-crise-cyber-role-rssi","status":"publish","type":"post","link":"https:\/\/www.intrinsec.com\/en\/gestion-crise-cyber-role-rssi\/","title":{"rendered":"Is cyber crisis management really the CISO's job?"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

In many organizations, cyber crisis management is naturally entrusted to the CISO. After all, they are the cybersecurity expert. Often, they are also the ones who initiated business continuity plans from an IT perspective.<\/p>

This situation therefore seems logical. However, one question deserves to be asked: Is a cyber crisis really a crisis for the CISO?<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

The cyber crisis: a crisis like any other<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Despite its technical origin, a cyber crisis very quickly transcends the IT framework.<\/p>

Ransomware, data breaches, or information system outages cause far more than just technical problems. They can have significant consequences:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"environnement\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Regarding operations and professions:<\/strong> The unavailability of applications, data, or production tools can lead to a degradation, or even a complete shutdown, of certain activities. Business processes may be slowed down or have to be performed in a degraded mode, with potential impacts on service quality, deadlines, or the organization's ability to fulfill its missions.<\/p>

Regarding the relationship with clients or users:<\/strong> Service interruptions, inability to access certain services, or the compromise of personal data can affect the trust of customers, users, or partners. Teams in contact with these stakeholders must also manage complaints, information requests, and any concerns raised by the incident.<\/p>

Regarding internal and external communication:<\/strong> A cyber crisis requires rapid and consistent communication, not only with employees but also with customers, partners, authorities, and the media. Inappropriate or contradictory communication can worsen the situation and fuel rumors, misunderstandings, or a loss of trust.<\/p>

Regarding regulatory and legal obligations:<\/strong> Certain situations may give rise to notification obligations to the competent authorities, the individuals concerned, or contractual partners. Legal liabilities may also arise, particularly in the event of a data breach, failure to comply with regulatory obligations, or disputes with third parties.<\/p>

Regarding the organization's image and reputation:<\/strong> Beyond the incident itself, the way it is managed can have lasting consequences on the perception of the organization. A poorly managed crisis can affect its credibility, attractiveness, and the trust placed in it by its customers, users, partners, and employees.<\/p>

Regarding financial and strategic aspects:<\/strong> The costs associated with incident management, remediation, business interruption losses, and potential penalties can be significant. A cyber crisis can also jeopardize projects, disrupt development strategies, or alter organizational priorities for several months.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t

\n\t\t\t\tIn other words, the cyber crisis is not an IT crisis; it is a global crisis.\t\t\t<\/p>\n\t\t\t\t\t<\/blockquote>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The same functions as in any other crisis situation must be mobilized: general management, operations, communications, legal, human resources, finance, and even external partners. The cyber component is ultimately just one of many aspects to address.<\/p>

It is also interesting to note that most major recent crises, whether linked to cyberattacks or not, follow the same management principles: understanding the situation, arbitrating, communicating, coordinating and deciding under time constraints and pressure.<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

The CISO: an indispensable expert, but not necessarily a crisis coordinator<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The CISO obviously plays a central role in incident response. Their expertise is essential for classifying the attack, informing anticipation efforts, and contributing their knowledge of the cybercriminal environment.<\/p>

However, being an expert in a field does not automatically mean being a crisis manager.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

A discipline in its own right<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Don't play multiple roles<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Crisis management requires specific skills:<\/p>\n