Adding detail to the concepts of the Cyber Safety Review Board
I was part of the working group on victim notification processes that was lead by Rob Knake sponsored by the Institute for Security and Technology (IST).
Timely victim notification is essential after cyber incidents, but today’s systems fall short. Companies often have only a single email address to reach victims, leaving messages distrusted or overlooked. Many recipients can’t tell a real alert from a phishing lure, and even when they do, they may lack the knowledge to act effectively.
The Cyber Safety Review Board (CSRB) recommended that cloud service providers explore an “‘amber alert’ style” system for high-impact incidents, delivered natively through mobile devices. While promising, such a system faces serious hurdles—technology integration, governance, and the need for broad industry cooperation. Given these challenges, adoption is unlikely unless the scope expands beyond narrow “high-impact” cases to cover a wider range of account compromises.
Some recommendations emerged for near-term actions while larger efforts are developed: Providers should refine current notification practices, develop middleware for private cross-platform delivery, and strengthen post-notification support.
Download the full report here:
https://securityandtechnology.org/wp-content/uploads/2025/08/Amber_Alert_Report-08-25.pdf
