Five Steps to Creating a Cyber Security Incident Response Plan

October 3, 2021

Green Security Eye ScanConcern for cybercrime has increased 62% in the past year.

Over 41,600 incidents and 2,013 confirmed data breaches were investigated by Verizon and its partners in the past year.
The numbers paint a dark picture of the growing threat to businesses of all sizes – concern for cybercrime has increased 62 percent in the past year among business decision makers, according to a recent survey.2
To prevent or mitigate loss, an incident response plan should be a critical component of your cyber security toolkit.

Creating a Solid Incident Response Plan

An incident response plan (IRP) must be tailored to the cyber risks your business faces. While every plan will differ, reference these high-level steps as a guideline for creating your IRP:
  1. Preparation: Identify employees and outside vendors who will handle potential incidents and prepare them for their role in incident response. If a cyber attack were to occur, it is imperative that responsibilities are clearly defined.
  2. Detection: Have proper monitoring in place that provides constant and comprehensive coverage of your network. Differentiate between minor and major events and have appropriate escalation processes.
  3. Containment: Isolate the infected system and analyze the cause of the infection.
  4. Recovery: Eradicate the cause of the infection (block malicious IP addresses, change passwords, patch holes, fix vulnerabilities, etc.) and put the network back into production while complying with regulatory requirements. During this time, it is also important to take measures to protect the company’s brand and image.
  5. Post-incident Review: Discuss lessons learned with appropriate stakeholders and take action to fix identified gaps in security, ensuring similar incidents are avoided in the future.

Put Your IRP Into Practice

Once you have created an IRP tailored to your specific business, it is important to maintain the plan as an integral part of your business operations. Review the IRP annually (or more frequently) and conduct periodic training sessions with the designated response team.

Role of Insurance

Even with a solid IRP in place, your business can still be a victim of a costly cyber attack. Consider purchasing cyber liability coverage to protect your business.

Source: The Hartford, “Five Steps to Creating a Cyber Security Incident Response Plan” https://www.thehartford.com/ website. Accessed October 3, 2021. https://www.thehartford.com/insights/cyber/cyber-incident-response-plan

© Copyright 2021. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.