Cyber Insurance Blog

Cyber Incident Response Plans: 5 Key Things to Include

Cyber Incident Response Plans: 5 Key Things to Include

“If it bleeds, it leads.” News media seem to follow this cliché when covering businesses’ cyber incident responses as much as when covering crime or traffic accidents. When large companies “bleed” millions of dollars paying a ransomware demand or recovering from a data breach, the cyber security incident makes headlines.

But that coverage can leave the mistaken impression that small and medium-sized enterprises (SMEs) don’t also face serious cyber threats.

“Yes, large companies have losses,” says Mark Greisiger, president of the cyber risk assessment and cyber security breach response services company NetDiligence. “You read about them in the paper. … [But] tens of thousands of SMEs [are] experiencing serious losses, especially [due to] ransomware, every day that don’t get press.”

Recently, Brian Thornton, president of ProWriters, talked with Greisiger about why SMEs urgently need to pay more attention to cyber incident response planning. Watch the conversation below:

An incident response plan is a vital tool for ensuring SMEs can conduct business today. It’s also something cyber insurance carriers increasingly require and are involved in executing.

Brokers need to know what strong cyber security and incident response planning involve so they can tell their business clients how to get and keep the coverage they need.

Cyber Security Breaches Can Hit Businesses of Any Size, in Any Sector

Four or five years ago, lost laptop computers were the biggest cause of cyber-related loss. But times have changed.

NetDiligence’s analysis of data from leading cyber insurance underwriters shows ransomware is far and away the leading cause of SMEs’ cyber claim losses. The next is business email compromise (BEC), in which scammers use phishing emails or other means to fraudulently get login credentials.

Small business owner sits at dual computer monitors showing “System Hacked” warning, illustrates need for cyber incident response.

Cyber threats aren’t limited to certain sectors. “What was surprising to me,” says Greisiger, “is manufacturing showing up over and over again each year. They have some of the highest [ransomware payment] averages.” But any business dealing with sensitive personal and financial information is at risk.

In 2020, cyber security incidents cost SMEs $286,000, on average. “These kinds of costs to an SME,” says Greisiger, “a few hundred thousand dollars … That’s life threatening to them.”

Thornton agrees. “A $300,000 demand for a small business is way bigger than a $5 million demand of a Fortune 500 company.”

“Small businesses think they’re not a target,” Thornton says. And hackers aren’t targeting small businesses per se. They are targeting known vulnerabilities in software SMEs use.

“They’re not necessarily looking for you, specifically,” says Thornton. “They’re looking at, ‘We know there’s this vulnerability in this software, and let’s see everyone who hasn’t patched this, who’s unaware of the issue.’ That’s how [SMEs] end up being targeted.”

What Strong Incident Response in Cyber Security Looks Like

Most SMEs lack any cyber incident response plan, says Greisiger. But amid proliferating cyber incidents, more carriers now require businesses they insure to develop effective incident response processes.

A solid cyber incident response (IR) plan includes these key components:

  • Outline of all appropriate internal stakeholders’ response roles

Too often, Greisiger finds, senior management officials aren’t focused on these plans, but they should be. “Any plan should have internal roles outlined,” he says. The plan should specify the roles and responsibilities of IT, management, and departments like inside counsel and human resources.

  • Instructions for contacting outside response experts

The plan should spell out how to contact external experts. “These things never happen neatly, ‘nine to five,’” says Greisiger. “It’s always going to be after hours [or on] weekends. You need to be able to contact someone through a hotline number and have them pick up at odd hours and quarterback the overall situation.”

  • Response protocols dictated by the cyber insurance carrier

The plan should name the business’s cyber insurance carrier, broker, claim and notification responsibilities, and which external attorneys and experts the carrier has approved. Greisiger has seen IT personnel “calling on experts that aren’t even known to their carriers. They don’t have the same level of experience the in-network experts would [bring] to the table.”

  • Best practices for dealing with cyber threats

Greisiger encourages companies to include “playbooks” for dealing with common cyber threats, especially ransomware and BEC. Making sure everyone knows as much as possible about cyber security and incident response best practices could help the company recover when incidents occur.

  • Ready accessibility in the event of a cyber incident

Speed is critical in cyber security incident response. “The client may have a plan [but] they don’t even know where it is,” says Greisiger. “That thing needs to be accessible in the cloud, or better yet, on your mobile phone via a mobile app. … It’s important to get access to the plan, see it, [and] quickly tap into your experts at a moment’s notice.”

Find the Cyber Coverage Your Clients Need Through ProWriters

Two messages, “Hacking Detected” and “Access Denied,” display on computer monitor, illustrating cybersecurity breach response.Robust cyber insurance is at the core of a strong cyber incident response plan.

Good cyber policies do more than cover costs associated with ransomware, data breach liability, or business interruption due to network outages—as crucial as that coverage is.

As Greisiger stresses, they also connect companies with “outside expert partners who you need to call at 10:00 at night. … You’re gaining knowledge, and access to some of the best experts in the industry, who deal with these complex matters every day.”

Do you want your SME clients to have peace of mind and confidence doing business in the digital age?

ProWriters can help you find and quote them the coverage they need so they have the protection they deserve. Book your appointment now to talk with one of our experts.

Subscribe to Our Monthly Newsletter!

    Retail vs. Wholesale Brokerage

    Experts Weigh In

    Get the eBook