It Takes 5 Steps To A Cyber Incident Response Plan

The worst has happened and you’ve discovered that your organisation has been hacked. So what should you do next?


The Cyber Security Breaches Survey 2017, endorsed by the UK Government, found that 66% of medium-sized firms had identified a cyber breach, yet only 24% had a formal cybersecurity incident process in place.

Businesses must be ready to respond when a breach is detected. This can be a critical time, where decisions are made on a limited understanding of the situation.

Having a Cyber Incident Response Plan in place will help your organisation to manage the incident and recovery, as well as protect your customers, employees and reputation.




We have identified 5 key steps to help you create an effective Cyber Incident Response Plan.



1. Define what needs protecting

Firstly, you need to know what you are protecting and the value of those assets in order to define how they should be protected. What are your organisation’s crown jewels? Assets could include proprietary data, network access, an accounting system, LAN files, digitally stored business documents and more.

It’s also vital to assess all systems so that the right ones are included in the plan.

Think about the risks associated with the assets and systems. What would be the potential business impact should they be compromised?



2. Put an incident response team in place

An incident response plan requires a multi-skilled team made up of internal and external parties. This should include:

  • A crisis management team to head up the leadership response
  • A communications team to manage the response to your staff, customers, suppliers and regulators
  • An incident response team to determine the facts and manage the restoration of business-as-usual
  • External advice, including legal, forensic and PR



3. Evaluate (and document) incident scenarios

Once the different assets and threats have been identified, you can define the scenarios that matter to you. Each scenario should have predefined actions in place and provide guidance on the appropriate response. Common cybersecurity incident scenarios include malware infection, a DDoS attack used as a diversion, denial of service or unauthorised access.

It’s vital that all guidance on responses is appropriately documented for use by the team.



4. Organise training and dry runs

So you’ve got your plan in place, but this doesn’t mean you can now sit back and relax.

To implement an incident response plan effectively, team members must be trained on the cybersecurity policies, as well as on what their roles and responsibilities are in the event of an incident. This ensures that the organisation is better equipped to quickly protect data and resume normal business operations in the event of a breach.

Automated penetration tests should also be undertaken regularly to check that the cybersecurity plans hold up in practice.



5. Review and update the incident response plan

Finally, the cybersecurity incident response plan should not be allowed to gather dust in the corner. It must be reviewed regularly, as an organisation’s requirements are likely to change over time.

At EveryCloud we work with you and your teams across the globe to protect data and minimise the impact of a cybersecurity attack.


Watch our technology in action and discover how we can support you by:

  • Delivering 360° data flow visibility, supporting compliance from GDPR to ISO 27001
  • Identifying anomalous or risky behaviour, before it turns into a security incident
  • Enabling a flexible, remote workforce, while protecting corporate data, IP and PII - on and off the network!

If you’d like to find out more or see our technology in action, get in touch and book a demo with one of our Insider Threat Detection experts.
