Issue Area: Cyber Risk

A data breach or a cyber attack puts your stakeholder relationships, financial standing, management credibility &  reputation at risk…

While the high-profile cyber security breaches at Yahoo, LinkedIn, OPM, Sony and Anthem have brought this issue roaring back into the headlines, organizations have been at serious risk of a data breach or cyber attack for over a decade.

In that time much has been done to increase security and employees have become more technologically savvy—the lost, unencrypted laptop hopefully a thing of the past.

Nevertheless, the risk has grown exponentially, driven by the advent of social media, the migration to cloud-based services, as well as anytime, anywhere mobile access.  In fact, it truly is not a question of “if” but of “when.” No longer just negligence or teenage hijinks, Ponemon Institute reports 42% of breaches are now caused by malicious or criminal intent.

And while it is every organization’s responsibility to do what they can to prevent a breach or cyber attack from being successful, technology is only part of the answer. The steps you take now can have a dramatic impact on your ability to respond effectively and minimize the impact of the event on your organization.

Our experience suggests that an actual or perceived poor response to an event is often more damaging to an organization than the underlying event itself.  But how do you respond in a way that protects your reputation and strategic objectives?

We’ve Been There

Blue Moon Consulting Group understands the risk you face. Our team has been in the trenches with organizations in crisis for decades. We know what works, what doesn’t, and how to prevent needlessly making the situation even worse.  We’ve helped retail, healthcare, educational and financial services clients respond to cyber attacks, IT systems failures and data breaches.  We provide the experience, common sense, and crucial “outside” perspective that you need during an actual event. Our best-in-class methodology helps ensure you not only survive but emerge a stronger organization.

Crisis Response

During a crisis event we help you:
→ Respond in a way that meets stakeholder expectations
→ Be proactive in your approach, thinking through potential impacts & consequences
→ Develop consistent and credible multi-stakeholder messaging and communications strategies
→ Manage efficiently through instituting a formalized meeting process
→ We do not accept chaos and dysfunction as an acceptable or unavoidable crisis operating model

We’ll Help You Prepare

Don’t wait until a crisis is upon you. BMCG consultants have helped clients in retail, healthcare, financial services, energy and higher education prepare for, as well respond to data security, privacy, and cyber attacks for over ten years.  Are you ready?

Capabilities Assessment

Need to evaluate your current approach?  Through a combination of document review and in-person interviews, the capabilities assessment will identify any critical gaps and provide actionable recommendations on how to enhance your response to cyber and data breach events.  We’ll assess your response structure and team roles, issue/event reporting & escalation processes, team operations, data breach incident management protocols, crisis communications, management culture, familiarity with existing plans, and the quality of relationships with critical third-party vendors.

Plan Development

In collaborative working sessions we help you create a response plan specifically tailored to your organization. Designed to ensure a high degree of organizational buy-in, our planning process expedites adoption, encourages a solid cross-functional understanding of the dynamics of a data breach or cyber event, and results in an easy-to-deploy plan that can withstand today’s highly-scrutinized operating environment.


Barring an actual crisis, exercising is the best way to improve your team’s response capability.  Exercising increases team cohesion, improves individual understanding, validates and improves written plans and helps an organization become crisis ready.  BMCG consultants have conducted cyber-related exercises for almost a decade from a short tabletop exercise to elaborate multi-day, multi-team, real-time simulated crisis events.

Simon Barker, Managing Partner

Simon has been involved in data security issues for over 10 years.  He was a leader in Visa International’s response to data breach issues since 2005 and was part of a small team that led the creation of the PCI Security Standards Council.  At Marsh, he led crisis management and communications response to major breaches at healthcare and financial institutions amongst others, and has developed plans and conducted cyber-related crisis management exercises around the world.