When a business faces a cyberattack, often what matters most is how they react and manage the fallout. Yahoo, Equifax, and Uber are all examples of companies whose reputations suffered greatly due to their slow response and poor communication with consumers.  According to an Edelman security study, 71 percent of global consumers said they would switch providers after a company they rarely used suffered a data breach.

That’s where incident response comes in. Incident Response (IR) is “an organized approach to addressing and managing the aftermath of a security breach or cyber attack, also known as an IT incident, computer incident, or security incident.” An Incident Response Plan (IRP) should include procedures for detecting, responding to, and limiting the effects of the data security breach.

Furthermore, your company needs an Incident Response Team (IRT) to periodically review and update your company’s IRP, and be ready to activate the IRP as soon as a cyber event is detected.  A big mistake that businesses victimized by cyber attacks make is waiting to develop a plan until an incident has occured.  According to an ESET poll of small businesses, nearly half said they didn’t have an IRP.  Scary, though not surprising.

But time is critical post-breach, and you need to know what you’re going to do before you get into the heat of the moment.  Otherwise, your company can incur unnecessary stress, loss of reputation, loss of money, and a potentially bungled recovery effort.

The IRT should be made up of employees from a cross section of departments, including public relations, legal, and IT, and should also include top management officials.

IR is necessary because no matter how big or small your company is, you can still get hacked.  The good news is that IR has high cyber security ROI. And with cybercrime damages expected to cost the world $6 trillion annually by 2021, according to a Cybersecurity Ventures report, that could amount to a lot of savings.

So, how much could a company spend on incident response for a major incident?  Businesses spend an average of $89,000 per cybersecurity incident, but some investigations end up costing hundreds of thousands of dollars.

A state-of-the-art cyber policy can pay costs incurred in the recovery process, including computer forensics, overcoming reputational harm, restoration of data, and payment for lost income due to business interruption.

Incident Response Plan 2