Skip to Main Content

5 Steps to Starting a Cyber Response Plan

Wednesday, February 13, 2019

Most organizations have some form of data protection in place. While these protections are critical for minimizing the damages caused by a breach, they don’t provide clear action steps following an attack. That’s where cyber incident response plans can help.

Cyber incident response plans are written guides comprised of instructions, procedures, and protocols that enable an organization to respond to and recover from various kinds of data security incidents. Cyber attacks are no longer a matter of if, but when, and reacting to an inevitable breach takes more than just threat neutralization.

Companies must have the ability to respond to and defend against evolving threats. Cyber incident response plans give organizations the tools they need to enhance their data protection practices further as well as help them:

  1. Anticipate cybersecurity incidents before they occur.
  2. Minimize the impact of cybersecurity incidents.
  3. Mitigate threats and vulnerabilities while a cyber attack occurs.
  4. Improve cybersecurity response overall, encouraging buy-in at a management level.
  5. Reduce the direct and indirect costs caused by cybersecurity incidents.
  6. Maintain business continuity in the face of major threats.

Here are five steps to start your Cyber Response Plan

1. Have a Cyber Incident Response plan

  • Use the resources your vendors and cyber insurance carrier provides to assist in building a plan
  • Call us; we can help too

2. Purchase Cyber Liability

  • Not just enough to have the coverage, but review it annually, as these policies change/evolve with regularity
  • Have a conversation with us about coverage, limits, and retentions

3. Pre-Select Vendors (if these vendors are listed in your Cyber insurance policy, then you don’t need to worry about pre-approval)

  • Data Breach Attorney
  • Cyber Forensic Specialist
  • Cyber Risk Management Professionals (explore carrier provided resources)
  • If you have a relationship with a data breach attorney or a forensics firm that isn’t listed in your Cyber policy, you may be able to add them as an approved vendor or at least have an agreed-upon rate the carrier will agree to pay them

4. Know the phone number of your Cyber Breach Coach / Data Breach Attorney

  • Schedule an introductory pre-call / meeting (we can coordinate this for you)
  • Save their number in your cell phone with your carrier name and policy number, including Limit and Retention
  • Make sure the CEO, CFO, GC, CISO or related positions at your firm have this information
  • Also, have your Horton team member’s number saved in your cell phone to assist with any aspect of this process

5. Save a Copy of your Cyber policy on your home computer (that wouldn’t be affected by a corporate breach)

  • Most save their Cyber policy to their work computer, but in most ransomware attacks you won’t have access to this important file
  • Select 2-3 individuals within your company to save the Cyber insurance policy to their home computers (preferably in the cloud so they can be accessed from anywhere, even if you’re not at home) or smartphones


Some parts of this article reference Zywave materials.  © 2020 Zywave, Inc. All rights reserved.



Material posted on this website is for informational purposes only and does not constitute a legal opinion or medical advice. Contact your legal representative or medical professional for information specific to your legal or medical needs.