How to Develop a Cyber Breach Crisis Management Plan

Sections of this topic

    Making a Cyber Breach Crisis Management Plan

    These days, protecting your organization from cybercrime is just as, and possibly even more important than securing your physical facility. Cybersecurity is always evolving and you need to keep up with best practices to help prevent data breaches that could compromise your company’s reputation.

    With that said, it’s not possible to prevent every breach attempt. Regardless of your industry or the size of your organization, breaches can happen to every company (and probably will, at some point). Accepting that fact is the first step. Preparing for it is the second.

    Having a solid crisis management plan for future cyber breaches can prevent a bad situation from turning into a nightmare. You can protect your assets and your trust with customers by responding appropriately if and when a breach occurs. Here are some tips for creating an effective breach response plan.

    Prepare By Analyzing Breaches That Have Occurred in the Past

    Obviously, it’s better to avoid data breaches whenever possible. But the ones that have already occurred can at least teach us something. It’s useful to study the aftermath of different data breaches within your own organization and in other companies to determine what works and what doesn’t.

    If your organization hasn’t yet been the victim of a data breach, then you’re lucky! You can still learn from the most high-profile data breaches of the last few years, though, and learn what to do—and what not to do.

    For instance, many large breaches affecting billions of accounts and records go undisclosed for years, leading to massive financial losses and damage to companies’ reputations. These stories show how important it is to act quickly and to be transparent during the mitigation phase.

    Are You Well Prepared to Scale if Needed?

    Cybersecurity teams need grow alongside a business. It’s important to include a plan for scaling, whether you’re in a massive growth phase or not. How will you hire more security experts and get them up to speed? What training will you offer employees?

    Many organizations fail to update their cybersecurity response plans as they grow. This is a mistake, as it can be challenging to find qualified security experts to help protect and mitigate data loss. Adding strategic plans for growing your security team and enhancing training protocols for scaling is key.

    Be Sure to Have a Clear Monitoring System in Place

    Many data breaches, even at the largest companies, go undetected for months or even years. Without proper monitoring protocols, it’s impossible to respond immediately to a breach or threat. Anticipating breaches allows you to set up automation solutions that will identify a security issue right away.

    In addition to setting up a security system to monitor threats, the security team and upper management should have notification systems in place that will ensure the problem is addressed as quickly as possible. Emergency notifications can be sent by email, text messages, or other mediums to reach the right person or people immediately, ideally using multiple methods.

    Craft a Detailed Action and Response Plan

    Anticipating breaches is the first step, but being prepared to respond to them requires detailed planning and team buy-in. Your plan of action should be tailored to the needs of your business, but there are a few standard guidelines for breach response plans to follow.

    First, it’s important to define what qualifies as a serious breach or threat. Not all security issues are major enough to warrant immediate action. Your plan should define different threat levels with steps and a timeline for management.

    You should also define a chain of command and include contact information for everyone who will be involved with managing the breach response. Lay out specific steps that should be taken in response to the cyberattack so that no one is making decisions in the moment when they’re under a lot of stress. You should assign ownership of these tasks to specific people and update them as needed.

    Finally, your plan should include how your customers, shareholders, and/or clients should be informed of the breach. Create pre-approved messaging that can be adapted to the individual breach or crisis so that you can inform people in a timely and consistent manner.

    After Planning, Time to Train Your Team!

    A plan is important, but your team needs to be prepared and ready to use it should a breach occur. Training is absolutely key in any cybersecurity breach response plan. Everyone in the organization should understand their responsibilities, know where to find the tools and resources they need, and who will be providing leadership in the event of a breach.

    Creating a plan can be time-consuming and challenging, but it’s a crucial step in today’s world. An investment in time and energy today can make a big difference in the event of a security event—and could mean the difference between weathering the storm or sinking your organization completely.

    [This article was contributed by business consultant Ryan Ayers. If you have an article you think might be a fit for our blogs, please write to]