Need for Incident Response Plan – Part 1


The Need for An Incident Response Plan

In today’s world, Cyber threats and attacks are progressively becoming the norm. No business or entity is immune from them. It seems that no matter how much an organization does to fortify its defense perimeter, the Cyber attacker will find a way to circumvent it and inflict whatever damage they can.

Consider some of these statistics:

  • Over 70% of business entities have reported that they have been the victim of a major Cyber-attack in just the past 12 months;
  • The automotive industry reported a 32% increase in detected incidents;
  • There was a 60% increase in Security breaches in the healthcare sector alone;
  • There was an astounding 527% increase in Cyber-related incidents in the power and utility industry;
  • The average cost of a single corporate data breach reached $3.5 million, an increase of 15%;
  • Each record that is hijacked or stolen from a database costs a business on average $145.10.

These statistics further substantiate the fact that Cyber-attacks can occur in any industry.

The unfortunate truth is that many Cyber-attacks are so covert that they can go unnoticed for a long period of time. This is where Incident Response becomes absolutely critical. It can be specifically defined as follows:

“The process by which an organization handles a data breach or Cyber-attack, including the way the organization attempts to manage the consequences of the attack or the breach. The goal is to effectively manage the incident so that the damage is limited in recovery time, costs, and brand reputation”. (SOURCE: 1).

Responding to an incident as soon as it has been discovered is absolutely crucial. The above definition states that a process must be implemented, but that process must also be a defined and orderly one.

For example, there must be a clear line of communication, as well as specific roles and duties assigned to each member of the IR team. There must be a mechanism in place which allows the IR team members to report back on what they have discovered. From there, the next action items can be quickly determined and acted upon.

In other words, the IR process must detail how to handle just about any kind of Cyber-attack. This process must be viewed as an emergency plan that increases the chances that a business entity will be able to resume normal operations quickly and efficiently. The process can be diagrammed as follows:

  1. Identify the incident
  2. Respond to the incident in a timely manner
  3. Assess/Analyze the severity of the incident
  4. Notify the relevant parties about the incident
  5. Take appropriate measures to protect sensitive data
  6. Prepare for quick business recovery in the wake of damage caused

Whenever an organization is hit by a Cyber-attack, there is often a knee-jerk reaction by the IT staff to immediately shut down the entire IT infrastructure in order to mitigate the threat. But this is a very risky proposition and can actually do more harm than good. We will examine the pros and cons of this approach in our next blog.

Executive Summary

This is a white paper that focuses upon the importance of timely Incident Response and Communications when a business has been impacted by a Cyber-attack. The topics covered are as follows:

  • The Need for An Incident Response Plan;
  • The Risks and the Needs Associated with Going Offline;
  • The Benefits and the Needs for Fast Time to Detect and Time to Respond Periods;
  • The Importance of Communications in Incident Response;
  • The Incident Response Communications (Crisis Communications) Plan;
  • How to Report a Security Incident to Internal Stakeholders;
  • How to Report a Security Incident to External Stakeholders.

1) Digital Guardian. (n.d.). Retrieved from