Every business plans stuff. Whether that is financial planning, sales planning, or just the day-today planning on how to get your work done, the fact is professionals create plans. Professionals never just ‘wing it’.
Take these as examples:
- Doctors follow treatment plans
- Pilots follow flight plans
- Soldier follow military plans
How would you feel if a surgeon said he was just going to cut you open and figure it out once he got there without any plan as to the operation he was about to perform? You’d run a mile.
Why then are most businesses operating without an Incident Response plan on what to do when a cyber attack happens? It’s true that no battle was ever won simply due to the battle plan, but no army general ever went into war without a plan.
Stop! Don’t assume IT has this covered
One of the main reasons businesses don’t create an Incident Response plan is because many company Directors just think that this is the job of IT and that someone in the IT department already has this covered.
The fact is Incident Response is a specific function and should be treated that way. Yes it falls under the overarching ‘IT’ banner, but that’s just like saying surgeons are surgeons, when in fact they have specialisms; like a brain surgeon or a heart surgeon. And you wouldn’t want the heart surgeon performing your brain surgery, would you?
Unless you have a Certified Incident Response Handler within your internal teams or within your outsourced cyber security partners team – you are running the risk of having to face a cyber attack without any plan to tackle it.
You’re just winging it.
So here’s our 3 top reasons why you should have a Certified Incident Response plan in place for your business:
1. Protect Your Data
You have a legal duty to protect people’s personal data under GDPR. So that’s pretty important. Then you also have your business and financial data. By having an incident response plan, your cyber security team can proactively protect your data.
Data in the wrong hands can be held for ransom by hackers deploying ransomware (WannaCry, NotPetya, CryptoLocker etc) or when sensitive information is leaked to the public (Marriott Hotels, Ashley Madison etc).
Protecting data assets throughout the incident response process includes countless tasks and responsibilities. Important procedures include secure backups, leveraging logs and security alerts to detect malicious activity, proper identity and access management to avoid insider threats, and strong attention to patch management.
2. Protect Your Reputation & Customer Trust
78% of consumers would take their business elsewhere if you directly affected by a data breach. If a security breach is not properly handled quickly, the company risks losing a large chunk of its revenue. A data breach doesn’t instill confidence in your customers. You probably know by now that it can literally be a PR nightmare for organisations.
It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.Warren Buffett
3. Protect Your Revenue
Proper incident response safeguards your organisation from a potential loss of revenue. Revenue is at stake with any impactful data breach. While your organisation may not be BA or Marriott Hotels, your small to mid-size organisation can still be greatly affected by a data breach.
In fact, sixty percent of small and medium-sized businesses go out of business after six months following a data breach. Not only is direct company revenue at stake but also the costs for legal, remediation, forensic investigations, and regulatory and compliance fines when dealing with a security breach.
The faster your business can detect and respond to a data breach or other security incidents the less likely it will have a significant impact on your data, customer trust, reputation, and a potential loss in revenue. If you don’t have an incident response plan in place, consider working with us to build your Incident Response plan. We have 3 full-time Certified Incident Response Handlers in our team.
Call us on 01738237001 today.