Are these included in your Cyber Incident Response plan?

Cyber security attacks are now at unprecedented levels and where these are successful, they can significantly impact upon an organisation’s operations, financial performance, legal compliance and reputation. The COVID-19 pandemic and prevalence of cyber threats makes organisations more vulnerable than ever to a cyber-attack. Google have also reported blocking over 18 million scam e-mails every day as opportunistic cyber criminals seek to exploit the global social and economic crisis. As a result, having a robust cyber incident response capability has become one of the most important elements of an organisation’s overall cyber risk management strategy.

Being properly prepared for a cyber-attack can reduce the likelihood of attacks being successful or, if this is not possible, minimise their impact. The key stages in preparing for a cyber-attack can be summarised in the diagram below.

Formalising arrangements to respond to a cyber incident before it occurs can greatly assist in ensuring that the organisation’s response is appropriate, effective and undertaken as quickly as possible.

Cyber Incident Response Plans should be endorsed at the highest level and include the assignment of a response team each with designated responsibilities. Deputies for each role should also be appointed where possible. It is recommended that the team includes response specialists with experience in dealing with such events. Unfortunately, most organisations do not have this expertise in-house, and in such circumstances it is recommended that this be sought from approved third parties, such as CREST accredited consultants. Cyber insurance arrangements often include 24/7 access to these services as standard.

Other areas to incorporate within a Cyber Incident Response Plan include:

• Plan access arrangements (considering IT systems may be unavailable).
• The invocation and escalation procedure.
• Response methodology.
• ‘Playbooks’ identifying specific action to be taken in response to individual methods of attack, for example ransomware, data theft, denial of service, malware outbreak and unauthorised access.
• The incident response of any outsourced IT services, such as cloud-based facilities.
• Communication and reporting requirements.
• Key internal and external contact details.
• Essential information, such as network diagrams, ports, data and event logs.
• Alignment with and reference to other plans, such as the Business Continuity Plan.

The above guidance is an excerpt from comprehensive cyber incident response guidance available via RMworks designed to help organisations to minimise risk and reduce cost.

We are always interested to hear your views so if you have any questions or comments on this article, please get in touch with your dedicated insurance broker at Griffiths & Armour or alternatively, contact Greg Street below: