Beazley: Is your incident response plan up to scratch? by Matt Smith
Organisations that believe they have incident response plans could still be at risk if those documents were not put together properly or are not updated regularly.
Sandra Cole, UK breach response manager at Beazley, told Business Reporter ahead of next week’s R3 summit that firms need to “understand what their risk is” and ensure that their response plans are regularly updated, detailed documents.
“We see organisations who say they have incident response plans but they’re actually two pieces of paper that are covered in dust sitting on somebody’s desk somewhere,” she said.
“A good incident response plan has got to be a living document. It’s got to be something that’s tried and tested. It’s updated regularly and it’s clear and easy to use.”
It should include information on relevant laws and regulations, how a response should be handled, and team members’ contact information both inside and outside of office hours, she added. But before assembling this information, firms need to evaluate their risk.
“Organisations need to understand what data they hold and how they hold it,” Cole explained. “They need to make sure that their employees are security aware, security conscious and trained to not only respond to security events but to look out for them.”
With such a range of cyber threats on the radar, she said, firms cannot have a specific plan in place for every type of incident, but a good incident response plan can still make the response smoother and demonstrate care and awareness to regulators.
“It’s just not possible to be prepared for every event,” Cole explained, noting that security breaches span from sophisticated hacking attacks to employees leaving laptops on the train. “There is only so much you can do to prepare for human error… But equally at the other end of the scale hackers are getting very, very sophisticated.
“You can’t prepare for every eventuality, but you can have an incident response plan that assigns roles and responsibilities to people, that has an insurance offering that can help you respond to it, so that you can demonstrate to regulators in particular that you take the matter of data security very seriously.”
Cole said that working with third parties on the legal and public relations aspects of the response can be “invaluable” and can help to limit the damage.
“They need to be able to reach out to very experienced vendors to provide a response which limits the risk of third-party liability claims after the event,” she said. “Quite often organisations aren’t experienced enough to understand that an incident has resulted in data going outside of their control.”
By taking these steps, Cole said firms can reduce the risk of claims following an incident.
“In our experience, because of our third-party breach response services, the better handled the breach, the less likely it is that liability claims will come out of it,” she said.