Five Steps to Creating a Cyber Security Incident Response Plan

Five Steps to Creating a Cyber Security Incident Response Plan

Concern for cybercrime has increased 62% in the past year.
Over 41,600 incidents and 2,013 confirmed data breaches were investigated by Verizon and its partners in the past year.1
The numbers paint a dark picture of the growing threat to businesses of all sizes - concern for cybercrime has increased 62 percent in the past year among business decision makers, according to a recent survey.2
To prevent or mitigate loss, an incident response plan should be a critical component of your cyber security toolkit.

Creating a Solid Incident Response Plan

An incident response plan (IRP) must be tailored to the cyber risks your business faces. While every plan will differ, reference these high-level steps as a guideline for creating your IRP:
  1. Preparation: Identify employees and outside vendors who will handle potential incidents and prepare them for their role in incident response. If a cyber attack were to occur, it is imperative that responsibilities are clearly defined.
  2. Detection: Have proper monitoring in place that provides constant and comprehensive coverage of your network. Differentiate between minor and major events and have appropriate escalation processes.
  3. Containment: Isolate the infected system and analyze the cause of the infection.
  4. Recovery: Eradicate the cause of the infection (block malicious IP addresses, change passwords, patch holes, fix vulnerabilities, etc.) and put the network back into production while complying with regulatory requirements. During this time, it is also important to take measures to protect the company’s brand and image.
  5. Post-incident Review: Discuss lessons learned with appropriate stakeholders and take action to fix identified gaps in security, ensuring similar incidents are avoided in the future.

Put Your IRP Into Practice

Once you have created an IRP tailored to your specific business, it is important to maintain the plan as an integral part of your business operations. Review the IRP annually (or more frequently) and conduct periodic training sessions with the designated response team.

Role of Insurance

Even with a solid IRP in place, your business can still be a victim of a costly cyber attack. Consider purchasing cyber liability coverage to protect your business - for more information, contact an agent from The Hartford, or visit our CyberChoice First Response product page. For technology focused businesses, please visit the FailSafe technology E&O site.
 As a policyholder of The Hartford, your organization has access to cybersecurity services and resources, including The Hartford’s Cyber Breach Helpline and CyberChoice First Responders, as well as employee training and education to help reduce your organization’s risk while ensuring delivery of its critical services. Visit The Hartford Cyber Center para conocer más.
1 Verizon 2019 Data Breach Investigations Report:
2 Decision Maker 1H 2019 Pulse Survey
La información proporcionada en estos materiales brinda información general y de asesoría. It shall not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) be an appropriate legal or business practice. The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations or operations are safe or healthful, or are in compliance with any law, rule or regulation. Readers seeking to resolve specific safety, legal or business issues or concerns related to the information provided in these materials should consult their safety consultant, attorney or business advisors. All information and representations contained herein are as of November 2021.
Links from this site to an external site, unaffiliated with The Hartford, may be provided for users' convenience only. The Hartford no controla o revisa estos sitios. La provisiòn de cualquiera de estos enlaces no implica la aprobación o asociación de The Hartford con dichos sitios. The Hartford no es responsable y no ejerce ningún tipo de representación o garantía relacionadas con los contenidos, integridad, precisión o seguridad de cualquier material publicado en dichos sitios. Si usted decide ingresar a sitios que no pertenezcan a The Hartford, lo hace bajo su propia responsabilidad.
The Hartford Financial Services Group, Inc., (NYSE: HIG) operates through its subsidiaries, including the underwriting company Hartford Fire insurance Company, under the brand name, The Hartford,® and is headquartered in Hartford, CT. For additional details, please read The Hartford’s legal notice at
The Hartford Staff
The Hartford Staff
Our editorial team spans writers, researchers, product specialists and subject matter experts. We cover the intersection where best practices and business insights meet.