Your Incident Response Plan Will Make or Break Your Business When a Cyberattack Hits

The time between a cyberattack and final recovery can make or break your business. A cyberattack can take days or weeks to resolve, and there’s never a convenient time for such an attack to occur.

A well-designed incident response plan will allow you to address a cyberattack quickly and strategically. It can keep the attack from snowballing into a major disaster.

Make sure you have the components of an incident response plan in place.

Why Your Incident Response Plan Matters

Suppose a ransomware attack encrypts all your computers. Your cyber insurance company says its IT forensics team will arrive the next morning.

Then it will take at least four to five more days to resolve the incident. Unfortunately, you need to cut your retiree pension checks in two days, and your members will be furious if they’re late.

So you pay the ransom, only to have the attackers demand more. Meanwhile, the clock is ticking on those pension checks.

What Should Have Happened?

Depending on how much of your system is locked out, your incident response plan should have triggered either:

  • Your business continuity plan — which focuses on ensuring critical functions are available at all times, except after a major disaster. For example, if you have redundant and independent networks and hardware, your business continuity plan could have you switch functions to the other network until the primary system is fixed (assuming the secondary network had not been affected). Alternatively, you might be able to process checks manually. Or, if you have previous arrangements with another vendor to cut checks in the event of an emergency, your business continuity plan might have you go that route.
  • Your disaster recovery plan — which typically uses a third-party vendor to establish off-site work facilities and infrastructure. You might have to initiate your disaster recovery plan on the first day to at least have certain hardware and applications running because your retiree pension checks are due on the second.

Bridging the Gap between Attack and Recovery

These are some of the components of an incident response plan necessary to help you bridge the gap between the time a cyberattack strikes and when it is resolved:

  1. A list of critical business functions,
  2. When those critical business functions occur on the calendar and how much time they usually take to complete, and
  3. The criteria used to determine if you must initiate alternate arrangements to meet your critical business obligations. 

Some incident response plan templates are available free on the internet. Some cyber insurance companies include them when you buy their insurance. But they all offer the same basic steps — contain, eradicate and recover from the incident, then resume normal operations. 

The problem is none of the free templates address that third component — what do you do if it takes several weeks to resume normal operations?

You don’t have several weeks to spare. Start building your incident response plan.

Contact an Expert

Stuart Lerner

SVP, Administration and Technology Consulting Practice Leader

Amy S. Timmons

VP and Senior Consultant, Administration and Technology Consulting