We have witnessed, in recent years, a large increase in cyberattacks, which often keep cybersecurity experts up at night. On July 19, however, the world woke up to a different cyber crisis: it was not a hacker attack or a data leak, but an impact caused by a failure of bringing up to date the security system of the cybersecurity company Crowdstrike. The problem ended up affecting computers using Microsoft's operating system globally.

At times like this, some questions arise:

  • How to react?
  • Has my company been prepared to deal with unexpected situations?
  • Who should lead internally?
  • Who should I contact externally?

What we call crisis management is the antidote that allows companies not only to face their problems, notwithstanding the complexity; it also relief organizations to curtail and prepare to, if necessary, minimize losses and unwanted legal, economic, financial, and reputational consequences.

A preventive approach focused on the legal issues related to crisis management can add great value, protect the company from potential damages, and enable business continuity in a resilient format.

Fortunately, in Brazil, the impacts of this cyber crisis on the 19th were milder than in other parts of the world. There was no news of a stoppage at the airports. The main obstacles involved access to the internet in general and the difficulty of using important applications – especially those related to financial institutions.

We know, however, that the impossibility of accessing banking applications, for example, can cause panic among users, even further so if accompanied by fake news. It is a situation capable of causing damage to consumers and third parties, among others.

Companies that are well-prepared for crises can minimize the impacts of these adverse episodes due to their ability to communicate in an agile and effective format to transmit the necessary information and, at the same time, calm their users and stakeholders.

It should not be forgotten that all measures adopted, and decisions taken in the heat of the moment bring future legal consequences and repercussions – which, if ignored, may even bring serious reputational and financial impacts on business.

Companies can preemptively take some measures to respond appropriately to crises. Among them, the following stand out:

  • to accomplish a risk assessment;
  • identify in advance the responsible parties who must lead and to make the necessary approvals in cases of crisis;
  • have a draft of an official communication ready – to be adapted to the specific case; and
  • Constantly training teams so that they are able to deal with similar situations and calm down direct users.

Preventive measures can not only guide a more organized, faster and effective reply, but, above all, to decrease the damage caused by crises. Preparation is the key to better navigating turbulent waves. We increasingly have indications – as the July 19 event showed – of how this preventive effort should not be neglected.