How to Create a Cyber Breach Response Plan

August 23, 2021

“The best day to plant a tree is twenty years ago. The second best day is today.” With computer network intrusions continuing to mount, that tree-planting proverb also applies to your business’s cyber-breach response plan. While cyber security insurance is a risk management cornerstone, an effective response plan is also an essential part of your business survival kit.

Confront the Costs of a Cyber Breach

Businesses of all sizes often scrimp on their cyber-breach response plans, but a brief look at intrusion costs should banish that attitude. The Ponemon Institute pegs the average cost of a cyber-breach at $3.86 million. Factor in opportunity cost and reputation damage, and you have a powerful incentive to develop and maintain an action plan. With the consequences of complacency in mind, you can move on to two vital questions: What is a cybersecurity response plan, and what steps can ensure success?

Establish a Chain of Command

No plan can anticipate every possible avenue of attack. That unhappy fact makes a defined chain of command vital. Depending on your organization, the point person can be the CEO or a manager with deep IT knowledge. Once the point person is selected, every member of the response team needs an up-to-date contact list at their fingertips. In addition to in-house staff, your contact list should include:

  • Legal counsel
  • Forensic security consultants
  • Your company’s insurance agent

Understand the Cycle of a Response Plan

With your team in place, you’re ready to flesh out the three elements of the response cycle:

  1. Declaration: Define the severity of network intrusion that will trigger your action plan.
  2. Containment: With your team, outline potential attacks and best-practice countermeasures. Ransomware, denial-of-service attacks and malicious actions from disgruntled employees are typical breaches. Your insurance agent can help you identify the cyber risks most likely to threaten your business. Ideally, your plan will let you isolate sections of your network for forensic investigation.
  3. Mitigation: The bulk of your mitigation effort will involve notifying customers, shareholders and news media. The timing of these outreach efforts will depend on the advice of legal counsel and your forensic investigation team. The final mitigation step is retooling your response plan with the hard lessons learned in the preceding weeks.

Keep Network Maps and Logs Up to Date

Often overlooked, two low-cost steps deserve a place in your response plan. First, keep your network map current. IT staffers know their systems by heart and often neglect to document changes on the network map. In a crisis, an up-to-date network map will save valuable hours for your forensic consultants. Similarly, a small investment in log aggregation software can pay dividends. Detailed network logs are a boon to both your forensic and legal teams.

Your cyber-breach response plan will always be a work in progress. As you refine your program, tap the expertise of your insurance agent. Beyond cyber security insurance, your agent’s knowledge of local business offers unique risk management expertise.

About Brooks, Todd & McNeil

Since 1839, the independent agents at Brooks, Todd & McNeil have offered our community the best and most affordable policies from a variety of providers. Our dedicated facilitators are ready to put their 75 years of combined experience to work on your claims. To learn more about our products and services, contact us today at (800) 448-4567.