Are You Ready? Elements of a Strong Cyber Incident Response Plan

Part 1: Why is an effective response plan so important?

“Do we have an up-to-date, battle tested Cyber Incident Response Plan?”

That is one of the important questions we’ve urged every corporate executive to ask themselves and their executive leadership team.

It’s likely that the answer is “no,” according to a September 2015 Ponemon study, which noted “75 percent of U.S. organizations are not prepared to respond to cyberattacks, leaving them more vulnerable than ever against increasing intensity and volume of security breaches. Improving Cyber Resilience is found to be the most potent weapon organizations have in prevailing against the mounting threats they face.”

Why is an effective response plan so important?

First, you should be operating under the assumption that a cyber attack is inevitable and that your organization will need to respond sooner rather than later. Further, insurance is simply a funding source, and on its own it will not address all aspects of a cyber breach. An effective response plan should therefore be established to help an organization respond to a data breach, with clear steps to be taken both to investigate a potential incident and to mitigate damage if a breach has occurred.

5 Important (and Costly) Things to Know:

  1. A quick, coordinated response is a company’s best countermeasure when it realizes an incident has occurred. An unfocused response can prove costly. A comprehensive insurance program that includes breach coaches, panel options for support and response systems can assist with and pay for these expenses.
  2. Do you know what you need to do in the event of an incident/breach in your state(s)? There are state and federal laws and notification requirements that must be complied with in the event of a data breach or cyber attack. Further, legal counsel is often needed, and letters must be sent to those affected by the breach. These requirements can be very expensive and time-consuming, and the appropriate coverage will address these areas.
  3. Forensic experts are typically needed to help shut down an incident/breach and to assess and report its scope to determine everyone who was affected. These experts are very specialized and will consume the IT team’s time, which may affect ongoing operational support within the company. Define what backup options may be appropriate for business continuation.
  4. Public Relations firms are sometimes necessary to manage reputational harm and even to manage call centers in the event of major data breach situations.
  5. If personal information is obtained and identity theft could result, assistance (credit/identity monitoring) may need to be provided to those affected for several years in most states, which can be very costly and time-consuming.

Check back next week for Part 2 of our blog where we will discuss What a Cyber Incident Response Plan Should Include.