Cyber incidents have surged in recent years, with attacks more than doubling since 2020 and the number of victims totaling in the hundreds of millions in 2023 alone. These incidents can cost organizations millions or even billions of dollars, which is devastating enough all on its own, but doesn’t even account for the damage to their reputation a data breach will inevitably incur. 

While avoiding cyber incidents altogether is the ideal, it’s far from a realistic expectation; it’s not even a matter of if, but rather when one will occur. Ideally the organization under attack is trained and ready to respond expediently and effectively to mitigate damage and safeguard against significant financial and reputational loss. 

Tips for Effective Cyber Incident Preparedness

Cyber incident preparedness can be the difference between a data breach brushfire and a five-alarm information inferno. What that preparedness looks like may vary depending on the specific organization and their respective industry, but there are some general guidelines that can help ensure an effective response in the event of a cyberattack. 

Create a Comprehensive Breach Response Plan for Your Organization

Obtain Cyber Insurance

Having cyber insurance in place is a foundational element of any cyber incident preparedness plan. Limiting liability in the event of a significant cyberattack does not always mitigate reputational damage, but it can at least reduce financial loss. 

Organizations looking to receive cyber insurance coverage want to ensure that strong cybersecurity measures are already in place and that those measures are regularly assessed for vulnerabilities. Potential insurers may look for  companies to be supporting their security posture with a written and tested incident response plan, multi-factor authentication, data encryption, a strong access control system, employee training programs, cyber incident response plans, and more when considering coverage. 

It's also important to understand and take advantage of all that the insurer provides. Most insurance providers will have preapproved providers who have been vetted and confirmed to be competent at assisting with the various components of an incident, so you know you are in good hands. Some policies offer a data breach coach who can work with the organization during a data breach to help manage risk and mitigate damage. The policy may also cover digital asset restoration, which helps to recover important data that was compromised in some way during the cyberattack.

Enlist Third-Party Help

Cyber incidents are generally not something that can be handled in-house. At the very least, a considerable data breach will require outside legal counsel, a forensic consultant, and a PR firm. It’s crucial to know which third-party vendors will fill these roles ahead of time, and to include those vendors on the insurer’s panel. Vendors should also directly engage, both contractually and operationally, with outside counsel to maintain privilege. 

Some organizations also work with third-party cyber incident response teams to help them to prepare for a cyberattack and react to one quickly. These teams can strengthen cybersecurity measures, run mock data breach scenarios, create templates and build scripts, and even administer class action settlements.      

Train Employees

A 2020 study by Stanford University found that human error is responsible for 88% of data breaches. The subcategories under the “human error” umbrella are numerous, but they’re all unified by the fact that they can be either drastically reduced or totally eliminated by a robust security awareness program that includes effective employee training.

Training should be used to emphasize the importance of cybersecurity, inform employees of the various forms of cyberattack, encourage employees to speak up about suspicious activity or potential security threats, and highlight both cybersecurity best practices and a data breach response protocol.   

Identify and Prepare Key Players

Every member of an organization should be aware of the importance of cybersecurity, but not every one of them will play a critical role in responding to a cyber incident. Those that will play a critical role should be identified and specially trained for their role in the response.

Anyone likely to be working on the response should be made aware of the importance of attorney/client privilege as it pertains to a data breach and should be regularly trained on the concept. It may also be wise to provide media training to those assigned spokesperson roles. 

Beyond the media, response teams should be prepared for communication with the following:

• Clients
• Partners
• Investors
• Shareholders
• Board Directors
• Employees

Preparation should include training on how to address the cyber incident in communications, what to avoid saying, and both the use and importance of correct terminology. This training should, in some capacity, extend beyond the key players to all employees including those who are client facing. 

Run Through Preparedness Exercises

Some of the most popular cyber incident preparedness methods are phishing tests and tabletop exercises.

Phishing tests involve sending members of the organization emails that resemble phishing emails to help them better recognize and avoid them. Some organizations emphasize the importance of compliance by considering the results of phishing tests in annual performance reviews.

Tabletop exercises are something like a fire drill for cyber incidents. In them, key responders will gather together and go through potential cyber incident scenarios, often guided by a third-party expert and even counsel. These exercises help give organizations simulated experience with an actual data breach, clarify the roles and responsibilities of key players, and both identify and address potential vulnerabilities and gaps in an organizations incident response plan.

Consider Cyber Risk Beyond Your Internal Ecosystem

It’s not always an internal vulnerability that can lead to a cyber incident. It’s important for organizations to consider the security of third-party systems that might interact with theirs, and to include a cyber review as part of due diligence when making any acquisitions. Three of the largest breaches in the past year have been third party breaches. Working with or acquiring a company that has inadequate cybersecurity is essentially no different than an organization having inadequate cybersecurity itself.

Conclusion

The risk of cyber incidents is on the rise, and the financial and reputational consequences associated with them can be devastating. While there may not be a way to totally avoid cyberattacks, incident preparedness can help to mitigate damage and reduce risk. That can include things like robust security awareness programs, ongoing employee training, tabletop exercises and phishing tests, and working with third-party vendors who specialize in data breach preparedness.