·  Legal News, Analysis, & Commentary


Tips for Crafting a Cyber Incident Response Plan

— October 14, 2021

Even with a robust plan in place to react to cyber attacks, remember that prevention is always the first step in protecting your business.

With cyber attacks on the rise, many small business owners should be prepared to respond to cyber threats that may damage their business operations. With 76% of small businesses suffering an attack in the past twelve months, business owners must take steps to improve their cybersecurity response, in addition to having preventative measures. One component of preparing for cyber attacks involves investing in cyber insurance. With attacks like data breaches costing SMBs $101,000 on average, cyber insurance can help cover the cost of damages associated with cyber attacks when it comes to legal fees and other expenses.

Another effective strategy for reacting to cyber threats is having a cyber incident response plan. A cyber incident response plan is a set of protocols that your team will follow in the event that your business is attacked by a cyber criminal. The plan should detail procedures for personnel to follow regarding cybersecurity responsibilities like locating and containing the threat and remedying any damage to your business. Below are three tips for crafting a rigorous cyber incident response plan.

  1. Prepare thorough protocols in a playbook

Your plan should have detailed instructions on who will respond to cyber threats and how they will be dealt with. A playbook should list the appropriate workflows and hierarchies of personnel that will be responsible for detection, containment, threat elimination, and restoration. Additionally, you should include a list of previously vetted vendors who are approved to step in if the threat exceeds the ability of your team. 

  1. Leverage technology to detect and identify threats

In addition to having guidance in a playbook for the appropriate personnel, you’ll also want to make sure your team is well-equipped to investigate threats and contain them. Cyber incident response software is necessary to identify a threat and also document information that will help diagnose and repair it. Antivirus software is also helpful at detecting problems and alerting your team. 

  1. Test your plan and continue to improve

Once you have a plan in place, it’s best practice to put it to the test. Run through cyber threat exercises with the personnel designated in your plan to ensure that everyone is prepared to execute their roles efficiently. This will also highlight whether improvements to your workflows are needed. Reflect on your test runs with your team and make any updates to your plan as necessary. 

With these tips, you will be prepared to create a strong cyber incident response plan to improve your business’ ability to defend itself against cyber threats and prevent the financial and legal repercussions that come with them. Even with a robust plan in place to react to cyber attacks, remember that prevention is always the first step in protecting your business. For additional steps to include in your cyber incident response plan, check out the following infographic from The Zebra. 


Join the conversation!