6 Tips for Creating a Cyber Incident Response Plan

According to IBM, the average cost of a data breach in the United States last year was over $5 million. For businesses of all sizes, having purchased cyber coverage to help recover from these incidents is essential. But just having cyber coverage isn’t enough.

While most organizations have cyber defenses in place, cyber incidents still occur. That’s why having a cyber incident response plan is essential. That way if a cyber incident occurs you won’t be scrambling and wondering “what should I do next?!” But if you’ve never built a cyber incident response plan, where do you start? We have a few tips to set you up for success.

1. Establish a Cyber Incident Response Team

Who are the essential team members that will help your organization effectively respond and react to a cyberattack? Consider company executives, IT specialists, legal experts, PR and media professionals and HR leaders, as well as external partners. In addition, outline the roles and responsibilities of each member of the response team.

2. Outline a Communication Plan

Identify potential stakeholders and determine how relevant information could be communicated in a timely and effective manner. Consider internal and external stakeholders, such as employees, customers and the public.

3. Create Guidelines for Operational Continuity

A cyberattack doesn’t mean that your organization can cease to function. How will your organization’s key functions and operations continue throughout an incident, and how can you contain the attack.

4. Understand Your Reporting Requirements

Research which federal, state and local regulations your organization must follow when responding to a cyber incident. Outline which members of the response team will be responsible for handling those reporting requirements.

5. Create Benchmarks for Seeking External Assistance

Not all cyberattacks require external assistance, but some may. Determine when and how the organization should seek assistance from external parties including law enforcement or third-party IT providers.

6. Outline Your Post-Incident Analysis Plan

Understanding how a cyberattack occurred is key to preventing it from happening in the future. Consider the steps that the organization will take to research the incident post-resolution, evaluate the organizational response and implement post-incident policy changes.

Keep in mind, that no two organizations are the same, and every organization’s cyber incident response plan will be unique. While these tips are a great start for crafting a cyber incident response plan, use them as guideposts to craft the right plan for your organization. And don’t forget – response plans are always a work in progress. Don’t forget to update your plan as operational needs change and cyber exposures evolve.

This article is based on a piece originally published in Zywave’s Content Cloud. To learn more about Content Cloud or Zywave’s cyber and risk management solutions, contact [email protected].

BlogCommercial LinesData & AnalyticsInsurers

Ready to take the next step?

Speak with one of our revenue generation experts to learn ways you can increase productivity, achieve profitable growth, and delight your customers. Complete the form and we’ll be in touch right away.