Overview
What is cyber incident response and how does it work?
Cyber incident response is the set of actions taken to respond to and manage a data breach or cyber incident. Your policy may provide for certain cyber incident response services, and you should review your policy with your insurance agent or broker to determine any response services that are available to you.
Step 1
You can call the 24/7/365 Incident Response Hotline number contained within your policy documentation.
You will be asked to provide the following details:
- Your name
- Your contact details
- Your business name
- Your policy number
- A brief description of the incident and when it occurred
- Other information as applicable
Step 2
Notify your insurance agent, broker or insurer of a potential claim. Engaging incident response services is not reporting a claim or event to your insurer.
The notice of claim provisions in your policy state how you must report claims and events to your insurer.
The Process
What happens once I have engaged the cyber incident response service?
Every incident is different but generally the process will be as follows:
- The Incident Response Manager will set up an initial call so they can understand what has happened, what data is involved and when the incident was first discovered
- They will suggest actions you need to take to mitigate any immediate risks
- They will coordinate a second call between you and any specialist advisors (as required) with the aim of creating, scoping and agreeing to a response plan
- They will explain what happens next and how the process will flow over the next few hours and days
- They will assist with the implementation and coordination of the Response Plan
Advisors
Who are the specialist advisors?
If provided in your policy, you may have access to the following specialist advisors and services:
Incident Response Managers are often lawyers with legal and privacy regulatory expertise. This is useful for incidents involving personal or non-public data, which potentially trigger regulatory and contractual obligations and can result in third party liability. Privacy lawyers can act as a legal advisor, under privilege, to determine your rights and obligations in the event of a cyber incident and help protect those rights and meet the obligations.
Forensic services are provided by digital investigators who piece together information to help a business understand the cause, scope and status of a cyber incident. They provide guidance on how to mitigate, stop or prevent further incidents. Due to their exposure to many cyber incidents they are a highly valuable addition to the incident response services.
In the event of an extortion or ransomware incident, consultants offering Extortion Services use forensic analysis techniques and software to investigate incidents, attempt to recover encrypted data and confirm that decryption keys work. Some may hold crypto-currency wallets and can assist with contacting the threat actors to bring the situation to a satisfactory conclusion.
PR Services help businesses respond to a cyber incident. They use their crisis communication expertise to support effective and appropriate communication with internal and external stakeholders. They can provide full support or can supplement existing capabilities, but they focus on messaging designed to keep a brand’s integrity and reputation unharmed.
Notification services help businesses alert individuals whose personal data is impacted by a data event in a timely and cost-effective manner. They use a notification service provider to notify large numbers of affected individuals quickly via multiple channels. Notification services will also complement other teams such as PR and legal to ensure that all messaging is appropriate for the audience, the sensitivity of the event, and that all legal and regulatory obligations are satisfied.
Credit monitoring services are offered to individuals impacted by a cyber incident to protect them from the effects of their personal data being compromised, e.g. web monitoring for their personal data or alerts if their credit scores change due to suspected fraudulent activity or identity theft.