If you own a business, the question of whether you will suffer a cyber incident is not one of ‘if’ but ‘when’. In the 12 months to March 2021, four in ten businesses (39%) and a quarter of charities (26%) reported experiencing cyber security breaches or attacks.
The National Cyber Security Centre (NCSC) defines a cyber incident as:
“unauthorised access (or attempted access) to an organisation's IT systems. These may be malicious attacks (such as denial of service attacks, malware infection, ransomware, or phishing attacks), or could be accidental incidents (such as damage from fire/flood/theft)”.
What is a cyber incident response plan?
A cyber incident response plan is an internal document that outlines how to respond to a serious cybersecurity event that impacts a business's operations.
The key to resolving a cyber incident quickly is to have a clear cyber incident response plan in place which is accessible to relevant people in your organisation. Below are three key steps when implementing a response and recovery plan.
1. Identify risks
The first step in your response and recovery programme is to undertake a cyber risk assessment. This exercise should include data mapping, so that you understand where personal data (often the target of a cyber attack) is held within your business and which systems process it.
It is equally important to identify the systems that are critical to keeping your business operating during a cyber incident. Essential information such as email, customer records and order data should be backed up on a daily or weekly basis. Because ransomware routinely targets backups as well as live systems, at least one copy should be kept offline or otherwise isolated from the production network, and restores should be tested regularly so you know the backups actually work before you need them.
2. Create the incident response plan
Once you have identified the risks to the data you hold and the systems required to operate your business, you need to create a plan that sets out the steps that must be followed if a cyber incident occurs.
Qualified, trained employees should be assigned defined roles and responsibilities as part of an incident response team. Similar to holding regular fire drills, mock cyber incidents should be staged regularly so everyone can practise their recovery roles.
During these drills, each of the phases of the incident response plan should be carried out to ensure that the team fully understand the process of incident management.
3. Know how to report an incident
Reporting a cyber incident to the right people is a crucial part of the incident handling process. A cyber attack is a criminal offence and should be reported to Action Fraud, the UK's national reporting centre for fraud and cyber crime, and to the police. If the incident involves a breach of personal data that is likely to result in a risk to individuals' rights and freedoms, you are required under the UK GDPR to report it to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it; where the risk to individuals is high, you must also inform the affected individuals without undue delay. Breaches that do not meet the risk threshold need not be reported to the ICO, but you must still record them internally.
Get legal assistance from LawBite
Cyber incidents must be taken seriously, and you will likely need to seek the advice and representation of an experienced solicitor to help you answer questions from enforcement bodies. Our team can assist you with reporting a cyber incident and help you navigate interactions with regulators.
For a free 15-minute cyber protection consultation, just click ‘Get started’ below.