“Cyber Attack” is such a broad term these days; it can include anything from a virus shutting down your entire system, to an attacker threatening to steal and release confidential information if you don’t pay their ransom. The results can also vary – privacy breaches that lead to lawsuits and fines, loss of important files or information, and financial loss due to fraud or theft are only some of the losses that can result from a cyber event.
What is a Cyber Attack or Data Breach?
A cyber attack is usually associated with some sort of event that causes a loss, such as the outbreak of malware or other invasive software, cyber extortion or ransomware, and social engineering. A cyber event can also cause a data breach, which is defined as when personal information an organisation holds is lost or subjected to unauthorised access or disclosure.
Companies are encouraged to do everything in their power to prevent a cyber attack from ever occurring, but these are inevitably going to happen to most companies at some point – 1 in 4 companies experience a cyber attack at least once according to recent statistics. This is why it is necessary to have some kind of cyber incident response plan, or at least an idea of what to do if you experience a cyber attack or data breach.
7 Step Plan on What to Do Following a Cyber Event
1. Identify The Breach
This may seem like an obvious step, but cyber breaches often occur without the victim even noticing – sometimes sitting in your system or on your computer for months before an actual attack occurs. Identifying the breach can be as simple as training staff to recognise a breach when it happens, or as involved as implementing sophisticated breach prevention software.
No matter how this is done, it is important to identify a breach quickly, so you can respond to it right away. Once you’ve realised that a breach has occurred, you’ll need to identify what has happened and proceed to the next step – at this point you can contact your incident response team.
2. Contact Incident Response Hotline
Who do you call in the event of a cyber attack?
One of the main reasons we recommend purchasing a Cyber Insurance policy is because it gives you immediate access to a 24/7 emergency hotline, so you have somebody to call in the event of a breach. This puts you in touch with experts who can sort out the problem efficiently and effectively – and the policy will pay for their services if the claim goes through.
3. Contain The Breach
At this point you have identified the breach, and if you have a cyber insurance policy, contacted the nominated incident response team; now you need to contain the breach, so it doesn’t get any worse. This step is typically handled by the incident response team or your internal/external IT team.
There will be certain steps the IT team (yours or the one nominated by the emergency response team) will take to restore your system’s security and resolve the breach; this can include:
This can be a complicated process, which is why it’s important to have access to the specialists who can handle the situation appropriately and mitigate the problem before it potentially gets too severe.
4. Investigate The Breach & Assess The Impact
You have contained the breach, but still don’t know what exactly happened and the extent of the damages. This is when you would typically utilise a forensic IT specialist to dig into the cause and effect of the cyber event.
Once the forensic IT specialist has identified what occurred and the scope of the breach, you’ll be able to plan from there on how to respond to the event.
5. Recover Data & Systems
Once you have contained and eradicated the breach, you can begin the process to recover your IT networks, systems, and data to continue operating. Companies with a business continuity or disaster recovery plan would likely have a specific recovery plan incorporated for these types of situations. However, even if you don’t have a formal plan, your process should include the following:
This is something your IT team should be able to assist with.
6. Communication & Notification
This step relies heavily on timing – it is important to hold off on certain communication (i.e. with clients, service providers, or those affected by the breach) until you know what exactly happened and the scope of the damages. In addition, you may also have specific notification requirements that will have associated timelines – we recommend you are aware of these in advance, to avoid missing deadlines and getting hit with fines and penalties.
This depends on the impact of the cyber incident – sometimes the event doesn’t warrant communication with these parties, in which case it is usually best practice to skip this step. Alternatively, communicating with these parties can be mandatory in certain scenarios and/or vital to your business. It is important to identify which of these options apply to your business, which is where your emergency response/crisis management team can assist.
If you are going to communicate with these parties, we recommend you wait until you have enough information to pass on a complete message to help avoid miscommunications and misunderstandings.
Consider these key messages when communicating with clients and service providers:
Depending on the size of the cyber event and your business, it may be worth appointing a public relations firm to assist with the communication step.
Certain rules & regulations around mandatory notification of privacy breaches may apply to your company. We recommend you know when to notify before any breach occurs, as you could face fines & penalties if you don’t notify within a specified time period.
7. Evaluation & Improvement
Use the information gathered in the previous steps to improve your cyber security measures. Not only will this strengthen your defence against future cyber attacks, but it will help your case with insurers when it is time to renew your policy.
See our Top 10 Tips to Prevent A Cyber Attack here for more information on how to prevent a cyber event.
Tips & Tricks for a Cyber Incident Response Plan
Consider some of the below when establishing your breach response plan: