
Cyber incident response plans should include access to network of 'clean-up' specialists, says expert

A comprehensive cyber incident response plan will include the ability to access "a network of experts" to help address the variety of issues businesses could encounter following a breach of their IT infrastructure security, an expert has said.

04 Dec 2013

Cyber liability and data breach insurance specialist Ian Birdsey of Pinsent Masons, the law firm behind Out-Law.com, said, though, that businesses face a challenge in drawing up such plans themselves and said companies can often gain access to the network of experts they need if they take out cyber insurance policies.

"As a study by Symantec showed earlier this year, having a formal cyber incident response plan can help businesses reduce the costs they will inevitably incur in the event that they experience a data breach," Birdsey said. "It is important for companies to first understand what they plan to do in the event of a breach."

"A comprehensive incident response plan is likely to include reference to a network of experts in different jurisdictions who can help businesses with services ranging from IT forensics, PR, credit monitoring, customer engagement and general crisis management. However, it is a complex and significant exercise for companies to pre-appoint experts in the event of a breach and decide who should manage each aspect of that breach, particularly since the nature of a breach will remain unknown until it occurs," he added.

"The market for cyber liability and data breach insurance is growing. Insurers, as part of these products they are selling, often provide businesses with access to their own network of experts they have developed to help policy holders manage cyber incidents. Businesses should consider whether there is greater value in taking out cyber insurance so as to have hassle-free access to the network of experts, or whether to go it alone," Birdsey said.

The expert was commenting after management consultancy McKinsey flagged common faults it said it had identified in businesses' cyber incident response plans.

It said that out-of-date policies on how to act in the event of a breach, or vague wording in that documentation, can render plans useless. A failure to integrate plans across the different "business units" of companies can also hamper efforts to manage responses to incidents affecting the entire organisation, McKinsey added.

The consultancy also said that incident response plans built on "tribal knowledge and existing relationships" can cause problems.

"When asked about incident response, many organisations will identify one or two 'go to' people who have the institutional knowledge to guide the organisation," McKinsey said. "This may result in a single point of failure when the resident expert is not available or does not have the capacity to identify and manage all the moving parts of a complex breach scenario."
