Cyber incidents can occur at any time and can take many forms. An incident may occur in critical systems at a time when key staff are unavailable, in rarely used systems for which there is no clear immediate response, or in third-party systems that require outside involvement.
An incident response plan determines how your organisation will respond to a cyber security incident. Every organisation should have an incident response plan in place and should regularly review and test it. Having a plan in place can dramatically limit damage, improve recovery time and help safeguard your business.
Crucially, incident response plans must have buy-in from the business executives; they are generally the key decision makers and the ones facing the public when there is a significant incident. They may also be the legally responsible office holder. Without their involvement or support, plans can be completely disregarded the moment there is an incident.
These plans also help make cyber security front-of-mind for CEOs and business executives, because the plans detail the known threats facing the business and the risk of compromise.