Cybersecurity for Business: Developing and Maintaining an Effective Incident Response Plan
Thursday, June 9, 2022
Does Your Business Have A Cybersecurity Incident Response Plan?
Print Mail Download i

Data breaches have become more frequent and costly than ever. In 2021, the average data breach cost companies more than $4 million. Threat actors are increasingly likely to be sophisticated. The emergence of ransomware-as-a-service (RaaS) has allowed even unsophisticated, inexperienced parties to execute harmful, disruptive, costly attacks. In this atmosphere, what can businesses do to best prepare for a cybersecurity incident?

One fundamental aspect of preparation is to develop a cyber incident response plan (IRP). The National Institute of Standards and Technology (NIST) identified five basic cybersecurity functions to manage cybersecurity risk:

  • Identify

  • Protect

  • Detect

  • Respond

  • Recover

In the NIST framework, anticipatory response planning is considered part of the “respond” function, indicating how integral proper planning is to an effective response. Indeed, NIST notes that “investments in planning and exercises support timely response and recovery actions, resulting in reduced impact to the delivery of services.”

But what makes an effective IRP? And what else goes into quality response planning?

A proper IRP requires several considerations. The primary elements include:

  • Assigning accountability: identify an incident response team

  • Securing assistance: identify key external vendors including forensic, legal and insurance

  • Introducing predictability: standardize crucial response, remediation and recovery steps

  • Creating readiness: identify legal obligations and information to facilitate the company’s fulfillment of those obligations

  • Mandating experience: develop periodic training, testing and review requirements

After developing an IRP, a business must ensure it remains current and effective through regular reviews at least annually or anytime the business undergoes a material change that could alter either the IRP’s operation or the cohesion of the incident response team leading those operations.

An effective IRP is one of several integrated tools that can strengthen your business’s data security prior to an attack, facilitate an effective response to any attack, speed your company’s recovery from an attack and help shield it from legal exposure in the event of follow-on litigation. 

© 2024 Varnum LLP

Current Legal Analysis

More from Varnum LLP

Effective July 1, DOL Increases the Salary Threshold Required for Most White-Collar Exemptions
by: Luis E. Avila , Maureen Rouse-Ayoub
New FTC Rule Bans Most Non-Compete Agreements
by: Seth W. Ashby , Maureen Rouse-Ayoub
U.S. EPA Designates PFAS Chemicals as CERCLA Hazardous Substances
by: Matthew B. Eugster , Kyle P. Konwinski
Student Loans and Educational Benefits
by: Charles M. Russman , Carolyn M. H. Sullivan
EPA PFAS Rule Imposes New Requirements on Public Water Systems
by: Matthew B. Eugster , Christopher J. Biggs
Preparing for Michigan Liquor License Renewal 2024-2025
by: Christopher P. Baker , Jailah D. Emerson
Department of Justice Ramps Up Investigations of Private Clubs that Received PPP Loans
by: Ronald G. DeWaard , Regan A. Gibson
Bridge Collapses and Contractual Uncertainty: Navigating Force Majeure
by: Scott J. Hill
IC3 Internet Crime Report Reveals Intensifying Cyberthreats in 2023
by: Joshua B. Feinberg
Tips to Avoid Common Retirement Plan Errors
by: Charles M. Russman , Carolyn M. H. Sullivan

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins