Help Your Clients Establish a Cyber Incident Response Plan

It’s time to check in with your clients. Have they thought about their new year’s resolutions for their business? If not, now is your time to shine.

Many organizations don’t have an effective cyber incident response plan in place. But with a new year comes new opportunities – and now is a great time to help your clients set some new resolutions focused on how they can more effectively protect their business in 2025.

According to IBM, the average cost of a data breach in the United States in 2023 was almost $5 million. So, while a fundamental part of your role as a commercial insurance expert is helping your clients identify and purchase the cyber coverage that’s right for their organization, there’s more you can help them do. Organizations of all sizes need a cyber incident response plan – and you’re uniquely positioned to guide them as they build their plan.

But if you’ve never helped your clients build a cyber incident response plan before, where do you start? We have a few tips to set you up for success.

1. Establish a Cyber Incident Response Team

Who are the essential team members that will help the organization effectively respond and react to a cyberattack? Consider company executives, IT specialists, legal experts, PR and media professionals and HR leaders, as well as external partners. In addition, outline the roles and responsibilities of each member of the response team.

2. Outline a Communication Plan

Identify potential stakeholders and determine how relevant information could be communicated in a timely and effective manner. Consider internal and external stakeholders who need to be kept apprised of a cyber incident, such as employees, customers and the public.

3. Create Guidelines for Operational Continuity

A cyberattack doesn’t mean that the organization can cease to function. How will the organization’s key functions and operations continue throughout an incident, and how can your clients contain the attack?

4. Understand Your Reporting Requirements

Research which federal, state and local regulations an organization must follow when responding to a cyber incident. Outline which members of the response team will be responsible for handling those reporting requirements.

5. Create Benchmarks for Seeking External Assistance

Not all cyberattacks require external assistance, but some may. Determine when and how the organization should seek assistance from external parties, including law enforcement or third-party IT providers.

6. Outline Your Post-Incident Analysis Plan

Understanding how a cyberattack occurred is key to preventing it from happening in the future. Consider the steps that the organization will take to research the incident post-resolution, evaluate the organizational response and implement post-incident policy changes.

Keep in mind that no two organizations are the same, and every organization’s cyber incident response plan will be unique. While these tips are a great start for crafting a cyber incident response plan, use them as guideposts as your clients craft the right plan for their organization.

This article is based on a piece originally published in Zywave’s Content Cloud. To learn more about Content Cloud or Zywave’s cyber and risk management solutions, contact [email protected].
