Broker Check

The Need for an Incident Response Plan

June 30, 2023

Given that cyber breaches will occur, businesses need an incident response plan to address them. According to a post by Phil Robinson in Cyber Security Intelligence ( most businesses do not have a plan. (While the post is based on a United Kingdom survey, the situation is probably similar in the United States.)

An incident response plan enables a business to react quickly to a breach, identify compromised data and select an appropriate response. IBM Security found it takes an average of 70 days to contain a breach; the cost of resolution is 58% higher if there is no response plan.

An incident respons eplan should include the following components:

  • List the resources, training and teams.
  • Procedures to be followed, including contact information.
  • Assess and investigate the impact.

The response plan needs to follow the stages of a threat:

  • Identification and analysis.
  • Containment. 
  • Eradication.
  • Recovery.
  • Post-incident review.

Once the plan is in place it must be regularly tested and updated. Remember, failing to plan is planning to fail.