The rising importance of cyber incident response plans

22 March 2018

Leon Fouche, National Leader, Cyber Security

After the response we received from highlighting the three reasons why businesses need to stop ignoring calls for cyber security, we are now bringing attention to the three reasons why businesses need to take cyber incident response plans seriously.

  • It’s inevitable. All organisations will experience a cyber incident at some stage. In our digitally connected world, it has become an inevitable part of doing business. This sounds like a dramatic statement, but it’s the mindset that business owners, executives and board members need to adopt when reviewing their risk management plans - and their insurance policies.
  • It’s needed for insurance. To have financial protection from a cyber incident by way of a cyber insurance policy, insurance companies require evidence of a cyber incident response plan.
  • It’s a compliance requirement. If your organisation must comply with the Notifiable Data Breaches scheme, then you will need to have a cyber incident response plan in place as proof of compliance if you experience a reportable breach.  

Having a plan in place can generally help an organisation to be more prepared to respond to cyber incidents and reduce their impact, recovery time and cost of recovery.

At a tactical level, a plan will help your business respond faster to mitigate the immediate impacts of a cyber incident - namely, the loss of intellectual property and customers’ confidential data.

And from a financial risk perspective, having a cyber incident response plan will enable protection by insurance, and implementing the plan may reduce the risk of legislative penalties.

Developing a cyber incident response plan

Having a plan is the first step in ensuring a coordinated and efficient response to incidents. While there are many ‘copy/paste’ templates in existence, it’s vital that organisations take the time to understand the following when making an incident response plan:

  • What are your critical services? (consider how long your organisation would survive without each critical service operating [including outsourced services such as cloud storage], and prioritise these services)
  • What are the digital assets which support the operation of these services? (consider databases, networks, devices, servers, digital services and even key people, and prioritise them)
  • What will the impact be if these assets are compromised? (consider the integrity, confidentiality and availability impact of these assets, and prioritise the risks to these, starting with what’s most likely to occur)
  • How would you contain, eradicate and recover from these incidents? (for example: Who’s responsible for managing the incident? Do you know who to call if your staff can’t fix something? Are third-party contact details documented? How will you manage extra staff in the meantime? How will you communicate the incident to stakeholders and affected parties? Who will ensure your regulatory compliance requirements are still met?)

The differentiating factor for businesses that recover effectively from cyber incidents is having an established incident response plan in place.

When reviewing your business’ insurance policies, you should be considering cyber insurance. Please contact me to find out how BDO can help you review your cyber insurance requirements – and make that critical first step of having an incident response plan in place.