An Incident Response Plan is a formal document that is prepared for your business and sets out procedures to follow in response to a suspected or actual cyber attack. It is a “playbook” to follow during one of the most confusing, stressful and difficult experiences that any management, executive or ownership team will ever face while trying to run a business. While IT systems and networks can and should be built and implemented securely, industry professionals know that “cyber security” is not an IT problem.
Statistics tell us that cyber attacks are incredibly costly and damaging. In fact, more than half of businesses hit with a cyber attack go out of business altogether. Fortunately, those that have a formal incident response plan and practice using it lower their risk of experiencing an attack and significantly reduce the impact and costs associated with one on their business. True cyber security and incident response planning require an entire business to shift its mindset and focus on the greatest threat to businesses today.
Cyber attacks are more prevalent now than ever. You may be attacked more than once and you must always be vigilant in managing the risk to your business. Additionally, your business may be under a legal obligation to report these incidents to the Government or your clients. Since your legal obligations following a cyber attack depend on the unique facts of your situation, you need to find out what happened.
Knowing all the facts following an attack will give you a crystal-clear understanding of exactly what happened, allow you to get legal advice from a well-qualified privacy lawyer and give you an opportunity to reevaluate your cyber security program and make any necessary changes to minimize future attacks.
Canadian businesses are now under various Federal and Provincial obligations to report cyber attacks to the Government or their clients, depending on the nature of the attack and the information accessed by the hacker. Would you want to call your clients to report a data breach?
Most businesses would prefer to deal with the aftermath of a cyber attack internally rather than involving Government regulatory bodies or telling their clients that they failed to adequately safeguard important and private data. The damage to your reputation could be enormous.
Conducting a thorough post-incident investigation allows you to determine the facts surrounding the cyber attack, which in turn allows you to learn your exact obligations to report the incident.