Home : Resources : Case Studies

Case Studies


Blackberry Crisis Fall 2011: Just an Annoyance, or a Legitimate Business Disruption Issue?

Cyber Incident Analysis

 The Issue

By now you have read about it, or perhaps experienced the "Crisis" first hand. Millions of users have been impacted by a BlackBerry system failure that caused a disruption in Email, messaging, and browsing over large sections of the world during the last 24 hours. A significant portion of RIM's 70 million subscribers have been affected. The root cause? Apparently a core switch failure at the company's proprietary network infrastructure. Once the switch issue was resolved, subscribers still experienced long service delays as backlogged Email and message traffic was slowly throttled back into the communication pipeline.

For some, this was perhaps a welcome reprieve from their "CrackBerry" habit. There is something to be said, you know, about becoming "unplugged" for a few hours of unconnected peace and bliss. Kind of like living in the 70's again. For others, including businesses that rely on BlackBerry connectivity to operate their supply chain, or for municipalities whose emergency responders use BlackBerry devices as critical communication tools, the impact was potentially far more serious.

Critics (and perhaps insurance claims professionals, forensic accountants, and lawyers) will be spending a good deal of time conducting deep analysis of the root cause of the problem and related liabilities for weeks and months to come. While it is probably far too early to lock-in on a definitive set of "take-aways" at this early stage, there are some practical steps that can be taken to help mitigate the fall-out, or at least document potential damages. Even if your business was not directly impacted, you can leverage this incident to ensure you have a crisis plan in place if your business model is heavily reliant on technology that can and does fail.

Preliminary Considerations
  • 1.1. Investigation & Preservation. Do you think you have suffered a loss, or are you investigating a claim? (Business Interruption, for example). Document the impact to the business and attempt to quantify the damages. Preserve any Electronically Stored Information (ESI) related to the reported damages. (for example: number and type of business interrupting Emails that were delayed, and the resulting dollar impact to your supply chain). Preserve this ESI and use forensics if needed to authenticate it. Forensics can also play a role in calibrating historical messaging / Email traffic (or measuring E-Commerce disruptions or failed web orders, for example) and demonstrating damages or lack of same.
  • 1.2. Cyber Insurance? This case may serve as an interesting study of the sometimes "fine line" between Cyber, E & O, General Liability, and perhaps even property insurance. Does your policy cover losses resulting from this event? Check your policy and keep the lines of communication open between your clients and claims professionals.
  • 1.3. Redundancy. This event may provide a painful reminder of the importance of system redundancy and testing. Early reports of the RIM system problem suggests a failed switch and a malfunctioning back-up. Check your systems, test your back-ups. 
The best lessons learned from this event will unfold in the weeks to come. In the meantime, this a good opportunity to review your own Crisis Plan or Cyber Response Plan. "Never allow a crisis to get squandered", is perhaps a cynical view, but some businesses would be well served by gaining some wisdom from this event that can help make your own systems and the humans that maintain them more robust.

Need Help? Want more Info? Call LWG at (800) 326-5075 or click here for a free copy of our Top 10 Cyber Event Response Tips.