Remote working has been a significant societal and technology trend for the last decade, but it has been almost fully established by rushed necessity as a result of COVID-19. Whilst Remote Working From Home (RWFH) offers significant benefits in terms of flexibility, productivity and business continuity, the rush to establish the service, and the criticality of the services and infrastructure upon which it depends, mean that organisations need a comprehensive incident response plan to protect the service, its users, its customers and the organisation from any security incidents that might occur.
What is an incident response plan?
An incident response plan is a systematic, documented, communicated and ideally rehearsed approach to preparing for, detecting, containing and recovering from suspected information or cyber security breaches.
Proactive versus Reactive incident response
“A pint of sweat is worth a gallon of blood” – General George S. Patton.
Planning, anticipating the threats and risks to your organisation and putting mitigation plans in place in advance is good practice. Documenting these plans and your incident response protocols is even better. Communicating and rehearsing these plans with the relevant stakeholders is best practice. If you rehearse these plans with the key members of your organisation and your partners, they will have “muscle memory” when a real incident occurs. You are not winging it, hoping it will somehow work out due to the brilliance or luck of your team. The cyber security landscape is littered with case studies and YouTube videos of how not to manage an incident response. It is fair to say that many of the organisations involved did not have best-practice incident response planning or protocols in place prior to or during the incidents concerned.
So what are the top 5 reasons you should have an incident response plan?
1. How an organisation responds to an incident determines the impact and progress of that incident – The Ponemon Institute Cost of a Data Breach Report 2020 cites the average cost to an organisation of a data breach, just one of the many types of cyber security incident that might occur, at $3.86M globally. The same report identifies that the largest cost saver for an organisation in the event of a data breach was having an incident response team in place with a tested incident response plan. An organisation with such a team and a rehearsed incident response plan saved about $2M in overall incident costs compared with an organisation that did not have them. In plain English – having an effective incident response team and plan in place saves you significant money, time and collateral damage when an incident occurs.
2. Your customers expect you to have an incident response plan – The Ponemon Institute Cost of a Data Breach Report estimates that lost business as a result of a data breach accounts for 39% of the overall cost of a data breach to an organisation. A Forbes Insights report found that 46% of organisations had suffered damage to their reputation and brand as a result of a data breach. B2B customers are increasingly carrying out due diligence, risk and compliance assessments of their supply chain, either at the onboarding stage or as part of routine supply chain assurance for existing suppliers. Having a mature incident response plan as part of an overall information security management system helps you win or retain your customers.
3. Your board and shareholders will expect you to have an incident response plan – A severe cyber security breach for a typical FTSE 100 company equates to a market capitalisation loss of 1.8% on average, or an average of £120M, according to an economic study from Oxford Economics. Your organisation's board and its shareholders obviously expect the organisation to be doing its utmost to protect shareholder value. Financial analysts, venture capital firms and credit rating agencies are factoring cyber security readiness into the methodologies by which they assess, recommend and score firms. Incident response planning, rehearsal and activation are foundational to any cyber security readiness, operations and cyber maturity assessment. Having a mature incident response plan as part of an overall information security management system helps protect your shareholders and your organisation.
4. Your insurers will expect you to have an incident response plan – Your insurers are one of the ultimate arbiters of risk. Their assessment, backed up by industry data, is how they decide whether to insure you and how to price your policy. Most B2B insurers now carry out a detailed assessment of your information security and cyber security maturity, not just for specific cyber risk policies but also for your general insurance policies. In many cases your level of cyber security maturity is one of the determining factors in whether they will offer your organisation cover, for which occurrences, at what levels and at what price. A key element of that assessment is whether you have appropriate disaster recovery and incident response plans in place, together with an assessment of any information security incidents that have recently occurred. Having a mature incident response plan as part of an overall information security management system helps you obtain, retain and make use of economic levels of insurance.
5. Your regulators and auditors expect you to have an incident response plan – Very few organisations operate in unregulated environments. Most regulators expect, and increasingly mandate, that the entities they regulate have mature information security management systems in place. Financial auditors have obligations and standards requiring them to assess the true performance and financial state of organisations, including the application and operation of financial risk management and financial controls. A key part of such an Information Security Management System (ISMS) will be disaster recovery planning (DRP) and incident response planning (IRP), to safeguard the customers/consumers that these regulated entities serve and, in numerous cases, to ensure ongoing safe service provision to those consumers/customers. Having a mature incident response plan as part of an overall information security management system helps you become more financially secure and compliant with general, industry-specific and financial compliance obligations.