How to develop a data breach Incident Response Plan, IRP

Stew Nelson Senior Risk Advisor

Stew Nelson
Senior Risk Advisor

Developing a data breach Incident Response Plan, IRP – the first step needed to obtain Cyber Liability Insurance.

As Senior Risk Advisor at Kapnick Insurance Group I am responsible for reviewing the accounts of our largest clients to insure that they have a solid Risk Management Program in place.  I must say that with a few exceptions – I have been underwhelmed by the lack of preparation that I have observed by what should be a relatively sophisticated group of business managers.  I am not sure about why this is happening except I must believe it can only be that no one believes it will happen to me and I cannot afford to fix this problem.  I cannot emphasize enough how wrong this attitude is and how costly this attitude could be when they do experience a breach!

Notice I said “when” not “if” they experience a breach.  Most experts believe that every business will experience a data breach of some sort.  In fact, according to Symantec, attacks increased by 31% last year on firms with less than 250 employees and are likely to increase even more this year.  It is not hard to figure out why….small businesses are an easier target than large businesses.  In my opinion, this is not because they lack the tools or the know how to protect their data it is just that they are totally unprepared for a cyber attack.

Publicly traded companies (usually very large companies) are now required by the SEC (For good reasons!) to discuss cyber liability risks that they face in their annual and quarterly reports and what preparations they have made to counter them.  My suggestion is that every company “imagine” that they are publicly traded and start thinking about and then develop a plan for what they would do if they experienced a data breach.  This plan is sometimes referred to as an Incident Response Plan, IRP, or Written Information Security Plan, WISP.

The purpose of an Incident response Plan, IRP is to bring together resources together in an organized manner to handle a real or potential loss of data.  The goal of the plan is limit monetary and network damages and reduce recovery time to minimize costs.   There is no need to reinvent the wheel here as there are numerous sources on the web of sample plans.  Look over some templates out there and see which appear to be the easiest and most relevant to your business.  Then get started!  FYI – Most of the national carriers that are writing Cyber Liability insurance will not bind coverage without an IRP.   My next article will look at some of the other requirements that I am starting to see that are a prerequisite to obtaining Cyber Liability insurance and therefore are a good starting point for what you really need to do to protect you data.