According to IBM, the average cost of a data breach in the United States last year was over $5 million. For businesses of all sizes, having purchased cyber coverage to help recover from these incidents is essential. But just having cyber coverage isn’t enough.
While most organizations have cyber defenses in place, cyber incidents still occur. That’s why having a cyber incident response plan is essential. That way if a cyber incident occurs you won’t be scrambling and wondering “what should I do next?!” But if you’ve never built a cyber incident response plan, where do you start? We have a few tips to set you up for success.
1. Establish a Cyber Incident Response Team
Who are the essential team members that will help your organization effectively respond and react to a cyberattack? Consider company executives, IT specialists, legal experts, PR and media professionals and HR leaders, as well as external partners. In addition, outline the roles and responsibilities of each member of the response team.
2. Outline a Communication Plan
Identify potential stakeholders and determine how relevant information could be communicated in a timely and effective manner. Consider internal and external stakeholders, such as employees, customers and the public.
3. Create Guidelines for Operational Continuity
A cyberattack doesn’t mean that your organization can cease to function. How will your organization’s key functions and operations continue throughout an incident, and how can you contain the attack.
4. Understand Your Reporting Requirements
Research which federal, state and local regulations your organization must follow when responding to a cyber incident. Outline which members of the response team will be responsible for handling those reporting requirements.
5. Create Benchmarks for Seeking External Assistance
Not all cyberattacks require external assistance, but some may. Determine when and how the organization should seek assistance from external parties including law enforcement or third-party IT providers.
6. Outline Your Post-Incident Analysis Plan
Understanding how a cyberattack occurred is key to preventing it from happening in the future. Consider the steps that the organization will take to research the incident post-resolution, evaluate the organizational response and implement post-incident policy changes.
Keep in mind, that no two organizations are the same, and every organization’s cyber incident response plan will be unique. While these tips are a great start for crafting a cyber incident response plan, use them as guideposts to craft the right plan for your organization. And don’t forget – response plans are always a work in progress. Don’t forget to update your plan as operational needs change and cyber exposures evolve.
This article is based on a piece originally published in Zywave’s Content Cloud. To learn more about Content Cloud or Zywave’s cyber and risk management solutions, contact [email protected].