Ilia Sotnikov, Security Strategist and VP of User Experience at Netwrix, is a visionary and technology evangelist in cybersecurity.
Security incidents are inevitable—and the financial consequences can be staggering. Forty-five percent of organizations that detected a cyberattack in 2024 incurred unplanned expenses as a result, and 1 in 5 reported losing a competitive edge, according to our Hybrid Security Trends Report. Moreover, 16% reported a decrease in company valuation, and 13% had to deal with lawsuits, a huge increase from just 3% for each of those outcomes in 2023.
Fortunately, there are proven ways to reduce your financial risk from cyberattacks significantly. This article focuses on one of them: a solid incident response plan (IRP). Indeed, the 2023 IBM Cost of a Data Breach report found that incident response planning and testing reduced the average cost of a data breach by a hefty $1.49 million. For many organizations, that savings could mean the difference between survival and bankruptcy—making an IRP a wise investment.
IRPs Are Powerful Because They Are About Leadership
While cybersecurity incidents, by definition, involve technology, an IRP is not primarily a set of technical directives. Instead, its core purpose is to ensure that when a crisis occurs, the right people are in place and empowered to make timely, informed decisions to overcome the emergency and minimize the damage.
Accordingly, many components of an IRP concern strategic decision-making, communication processes and organizational responsibilities. For instance, IRPs establish the following:
• Who has the power to make critical decisions at various stages of an incident.
• Who is responsible for determining and executing necessary regulatory filings.
• Timeframes for key decisions and thresholds for financial approvals.
Clearly defining these vital leadership protocols enables significantly faster responses to threats in progress, which in turn limits the financial impact of the incident.
To Be Effective, IRPs Need Executive Sponsorship And Support
While the IT department may oversee the company’s response plan, the IRP is far too critical to be the sole responsibility of one team. In addition to the technical teams, legal teams will need to make compliance-related decisions, and customer support and PR may need to maintain communications with the outside world. In other words, a cyberattack-induced outage will reverberate across the organization.
Swift and decisive guidance from the leadership team is essential to effectively navigating the crisis and restoring operations in these critical moments. Accordingly, C-level executives must take an active role in designing and executing the IRP.
Keys To Maximizing IRP Value
Creating an incident response plan is not a set-it-and-forget-it task. Too many things are rapidly changing, including the threat landscape, business applications and processes and organizational personnel. To ensure that your response plan remains maximally effective at reducing financial risk, be sure to make both tabletop exercises and regular testing a priority.
Tabletop Exercises Improve Fluency
When a cyberattack strikes, it’s far from business as usual. Standard communication channels like email or office phones may be compromised, leaving your organization scrambling. Actions must be prioritized and practiced in advance to ensure an adequate response during such chaos. Tabletop exercises are invaluable for rehearsing and refining responses to various scenarios.
While your IT department likely participates in these exercises throughout the year, one question looms large: Are you and other senior business leaders involved? Your participation is critical, as you will be responsible for making quick decisions as the situation takes shape and unanticipated turns arise. These exercises offer a safe environment for all participants, including executives, to practice decision making under pressure and become familiar with technical procedures.
Regular Testing Ferrets Out Weaknesses
There is a reason why the NFL has a preseason: Professional football teams have many moving parts, and it is difficult to determine how everyone works in sync until the referee blows the whistle. Don’t let your incident response team take the field without the chance to refine their strategy and tactics.
A primary benefit of testing is that it can expose weaknesses in the plan so they can be corrected before an incident occurs. For instance, one company discovered that half of its team couldn’t access the cloud-hosted IRP during a crisis simulation. In addition, regular testing builds team cohesion and fosters better coordination and communication, which will pay off during actual incidents.
Is One IRP Enough?
While it’s crucial for every organization to have at least one response plan, today’s complex threat landscape may necessitate multiple specialized IRPs. After all, different types of attacks (e.g., extortion, destruction, espionage) require tailored responses, and they may trigger distinct legal and regulatory requirements. In larger and more complex environments, such issue-specific plans can eliminate the need for multi-level “if-then” logic and enable a faster and more efficient response. However, organizations should consider developing additional IRPs only after one comprehensive plan has been thoroughly vetted and rehearsed.
An IRP Is A Worthwhile Investment
An IRP is a major investment that entails significant costs for tools, personnel, training and more. To ensure that this investment delivers maximum value, C-level executives must take an active role in ensuring that the IRP will perform when it matters most.
At its core, an effective IRP enhances decision making and communication to ensure a swift, coordinated and effective response. In today’s complex digital landscape, a carefully designed and well-practiced IRP is critical to business resilience and long-term success, and no business leader can afford to ignore it.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.