Creating a Cyber Incident Response Plan: 4 Key Steps for Businesses

Earlier this month, I talked about the importance of a cyber incident response plan (CIRP) in helping your business better contain and reduce the impact of a cyberattack. Here, we’ll look at four initial steps for getting started with your own CIRP.

According to Cybersecurity Automation, an online news source for trends in cybersecurity, a well-designed CIRP should accomplish the following:

1. Identify the type of security risk

Knowing what is being compromised (and how) allows you to prioritize the incident and determine the response needed.  

2. Document the details

Documenting incidents gives the business key information about the type of attack, including where and how it originated. That record can then inform updates to your CIRP.

3. Include a data backup and recovery plan

Cloud backup and recovery solutions are lifesavers in preventing data loss due to a cyberattack.

4. Be subject to regular testing

Periodically testing your CIRP ensures that processes and protocols are updated and working the way they should.

The following are four basic steps that any business can use to create its own CIRP:

1. Develop a list of strategies and protocols for what to do when an incident occurs

A cyberattack can’t be effectively addressed by one person. Be sure your plan designates who is responsible for specific tasks, such as identifying, locating and triaging the threat, as well as customer service and legal tasks. 

2. Map out a detailed containment process

Once a threat has been identified, it must be contained. Your CIRP should include steps for taking devices offline and shutting down networks to prevent the progression of an attack. Don’t forget devices used by employees who are working remotely. 

3. Create an effective elimination strategy

Once contained, a threat must be eliminated. Your CIRP should include processes, appropriate to the type of attack, for properly clearing all devices and networks.

4. Develop a plan for restoring devices and networks

Every CIRP should include a plan for how to get the business back up and running. For example, what’s your plan for installing new firewalls and security patches, setting up a clean data backup system, and issuing new credentials to employees?

On average, data breaches cost small to medium-sized businesses (SMBs) $101,000 in legal fees and expenses. Unfortunately, many SMBs surveyed said they don’t have a cyberattack prevention plan or cyber liability insurance. If you haven’t already, now is the time to address cybersecurity to better safeguard your business.

Cyber liability insurance provides protection against the costs associated with security breaches, business email compromise, social engineering, ransomware, malware, viruses, etc. Oakwood D&O can help determine the best coverage for your operation – whether you own a small business or manage a large corporation.  Get in touch — email Eli Solomon, CEO, at or call 323-686-7519