Incident Response Planning: Having a Play in Your Playbook


Did you know?

An Incident Response Plan is an operational playbook that helps minimize the financial and reputational impact of an incident on an organization. By creating an Incident Response Plan and team, organizations can respond better to cybersecurity incidents, quickly resume normal business operations, and promptly alert relevant stakeholders, authorities, and regulatory agencies to meet all regulatory requirements.

Do I need an Incident Response Plan? 

No company is safe from accidental or intentional exposure of personally identifiable information or confidential information, and data privacy compliance is becoming an increasingly complex landscape for organizations to navigate. Regardless, every company can and should take steps to minimize the cost and impact of any incident.

According to the Ponemon Institute Cost of a Data Breach Report 2019, the average cost of a data breach was $1.23 million less for organizations with a designated Incident Response team and an extensively tested Incident Response Plan than for organizations with neither.

What are the Elements of an Incident Response Plan Policy document?

  • Statement of management commitment
  • Purpose, scope, and objectives of the policy
  • Definition of computer security incidents and related terms
  • Organizational structure and definition of roles, responsibilities, and levels of authority
    • The authority of the incident response team to gather evidence or disconnect equipment and to monitor suspicious activity
    • Requirements for reporting certain types of incidents
    • Requirements and guidelines for external communications and information sharing
    • Handoff and escalation points in the incident management process
    • Prioritization or severity ratings of incidents
    • Performance measures
    • Reporting and contact forms

How to develop and stress test an Incident Response Plan?

Every executive team should develop an Incident Response Plan and stress test it annually through a tabletop exercise focusing on one or more specific internal and external threat scenarios. The results and the changes should be shared with the Board and executive team. The company should consider additional employee cybersecurity training to address the gaps found during the tabletop exercise. The company should reasonably expect the process of generating the Incident Response Plan to take 3-6 months. The Incident Response Team should consist of both internal and external subject matter experts. Once complete, the Incident Response Plan should be shared with the Board and executive team.

What to do now?

  • Assemble an Incident Response Team to develop an Incident Response Plan
  • Test the Incident Response Plan with a bi-annual tabletop exercise
  • Continuously update the Incident Response Plan
  • Report on the Incident Response Plan to the Company’s Board at least annually

How can PorzioCS help?

Porzio Compliance Services (“PorzioCS”) is a unique partner to the business community. A subsidiary of a leading law firm, PorzioCS focuses on data privacy and cybersecurity compliance together with incident response policies for closely-held businesses outside of the traditional financial services and healthcare areas and educational institutions. 

For client engagements, PorzioCS assembles teams of appropriate experts, internal and external, to scope the client’s needs, develop a project plan, collaborate with the client to hit the plan targets, deliver the plan goals, and transition the plan maintenance to the client.

There is no cost to make a call to ask a question.  The real cost is not knowing who to call when you learn your data has been accessed/infiltrated/stolen/corrupted.  

Contact James Mottola, VP of Data Privacy, Cybersecurity, and Investigations at 973-889-4229 or jmottola@porziocs.com.