Virtualization Technology News and Information
How to Create a Cyber Incident Response Plan In Case of Security Breaches
It often seems that as our technology advances and becomes more complicated, the efforts of cybercriminals become more concerted and sophisticated in response. In fact, 2021 saw a record number of data breaches, with a staggering 68% rise from 2020.

While you may think that the primary targets of cyberattacks would be large corporations or businesses that hold massive amounts of sensitive customer data, the truth is that no business is safe from cybercrime. In fact, hackers often target small to medium-sized businesses because they usually have less robust security measures in place and are thus seen as ‘softer’ targets with lower levels of website credibility.

Many cyberattacks are aimed at smaller businesses and only half of small businesses are prepared to deal with those attacks. Stop and think for a moment. What measures do you have in place to deal with a cyber incident? If your business is the victim of a cyberattack, what plans do you have in place to deal with it and get your business back on track in the wake of an attack?

What is a cybercrime?


You will have heard the term ‘cybercrime’ so often that sometimes it can be easy to forget that there are many different types of such attacks. There are also several reasons for cyberattacks, from financial gain to identity theft to attempts to uncover information on a company's operations and terminology management. Here are some of the main types of cybercrime your business may encounter:

  • Attacks using ransomware or other types of malware.
  • Data-targeted attacks; this can include theft of data, loss of data, or data manipulation.
  • Compromised accounts (often for financial gain).
  • Data compromise (theft, loss, or manipulation)
  • Identity theft; this can happen at a personal level (impersonating individuals) but also at enterprise level, where criminals can assume the ‘identity’ of an organization.
  • Digital currency scams including cryptojacking and cryptomining.

The cost of cybercrime


Cybercrime globally was estimated to cost businesses and individuals a huge $6 trillion in 2021. That figure is expected to reach around $10.5 trillion by 2025. It is clear that this is an area where there are not enough qualified staff or enough training to meet cybersecurity needs.

In 2021, there were some 3.5 million unfilled cybersecurity positions, perhaps a reflection of why cybercrime statistics were so high that year. That makes it essential to ensure your business has a robust cyber incident response plan to deal with any attacks. You may not have the skilled and experienced staff you need, but having a detailed plan in place can offer some protection and response.

How to create a cyber incident response plan

Hopefully you can see that the idea that any business is safe from cyberattacks is pure fiction. It doesn't matter whether you run a small business or a large corporation, there is a good chance that you may be targeted at some point. If you are going to create a solid cyber incident response plan, then preparation is key. The level of preparation is going to depend on several factors including size of your business, business type, amount of data stored, and so on.

1.    Identify and assemble a team


The first thing to remember is that if your business is the victim of a cyberattack, then it does not just affect your computer or IT systems. Some areas of your business may be safer than others, for example, if you run an Excel forecasting model. So, when thinking of a team to work on your cyber incident response plan, you should list every department in your organization that may be affected in some way by a cyberattack.

While your IT staff may form the core of any team - after all, the attack will have occurred via some part of your IT network - you do need to think who else will be affected and who can contribute to a speedy recovery. It may be the case, particularly with smaller companies, that you have no IT staff experienced in cybersecurity and you may decide to have consulting proposals to outsource some of your plan.

One department you should definitely include in any cyber incident response plan is your HR department. After all, an attack may have included the theft of your employees' personal data so an HR professional can deal with any concerns your staff may have. Similarly, you need a customer service team member involved in case customer data has been compromised.

Another area to consider is to have PR or legal staff on the team. Again, depending on the size of your business, this area may be outsourced, but you need team members who can deal with external communications such as press releases. You should also have a member of your C-suite overseeing the team who has responsibility for reporting to the board or major stakeholders.

2.    Identify your weak points and your most important assets

Your cyber incident response plan should focus on where an attack might happen and what your most critical assets are. With cybercriminals using more sophisticated ways of attacking systems, even a business with a high level of protection may still be subject to an attack, so knowing where potential weak points exist is a major factor in planning a response.

Your systems may be as watertight as they can be but the biggest cause of data breaches is human error. That means you need to recognize that your employees are, potentially, your primary vulnerability. By recognizing this, you can build regular training into your plan and can focus on those simple vulnerabilities such as a poor password policy.

By knowing what your most important assets are, you can both increase the protection around those assets and build a recovery element into your cyber incident response plan. By having a set plan to recover any assets, you can respond quickly to an attack and have your business operating normally again as soon as possible.

You also need to look at any external agencies or partners and see how robust their security is, especially when it comes to communication and transfer of info to and from you. For example, smaller businesses and startups may outsource accounting work due to budget restrictions so you may have used a free bookkeeping contract template at some point.

3.    Backup and support


While you may have good IT security personnel, a serious attack may mean you need external resources. With so many companies specializing in cybersecurity, you should identify a proficient service or individual who can help with both improving your existing security and also aid in any response when an attack occurs.

The second ‘backup’ element to your cyber incident response plan should focus on your data, information, and documentation. If your on-site data is completely lost, having an offsite backup is crucial to your recovery plan. This may be physical servers in another location or it may be cloud-based storage.

In the event of complete data loss, being able to quickly access and recover from your backups means you can resume operations quickly. You should have a person or team (depending on size of business/amount of data) whose sole responsibility is data recovery. You should also make sure that all crucial data is automatically backed up to your external resource.

4.    Create a response roadmap

The phone goes; there's been a major cyber incident. Is your team ready? Do they know their roles and what to do in different circumstances? Having a roadmap or checklist for your cyber incident response plan team is an essential component of dealing with any cyber-related issue efficiently and ensuring your business recovers quickly. There are five key elements you should consider for your roadmap:

  • Identify where the breach has occurred and what the cause was if possible.
  • Contain the breach as much as possible. This could include isolating part of your system if the issue is localized.
  • Recover all affected systems and data from your backups.
  • Audit the incident, identify what caused it, and if steps can be taken to prevent a similar incident in the future.

5.    Use your communication strategy

After any incident, you should have a well-designed communication strategy as the final element of your cyber incident response plan. That includes having a list of people who have to be notified although in some cases, differing levels of information may need to be divulged. Some of the people/bodies you may need to notify include:

  • Government entities which can be state or federal. Be aware of any laws and regulations covering who you need to give details to.
  • You also need to communicate internally as to the level of breach and also whether any new policies will be implemented.
  • Major stakeholders including partners, clients, and shareholders.
  • Is there a need to notify the public? This will depend on the nature of your business and of the incident itself.

How you handle communications should also take into account any deadlines, the seriousness and public awareness of the incident, and whether you need to outsource any PR statements.

The takeaway


As the statistics show, every business should be taking cybercrime - and cybersecurity - very seriously. You need to look closely at every potential external and internal vulnerability, from how you use services such as PandaDoc signature to how your staff use social media.

Having a good cyber incident response plan is crucial for any size of business. While the details of each plan may differ slightly according to business type and size, the basic foundations of such a plan remain the same. While the measures you may take to protect against cyber attacks may be getting more sophisticated, so are the efforts of the cybercriminals.



Yauhen Zaremba - Director of Demand Generation


Yauhen is the Director of Demand Generation at PandaDoc, an all-in-one document management tool for almost all types of document including this California bill of sale template. He's been a marketer for 10+ years, and for the last five years, he's been entirely focused on the electronic signature, proposal, and document management markets. Yauhen has experience speaking at niche conferences where he enjoys sharing his expertise with other curious marketers. And in his spare time, he is an avid fisherman and takes nearly 20 fishing trips every year. He has also written for other domains such as and DivvyHQ.

Published Thursday, September 08, 2022 7:30 AM by David Marshall