The Best Way to Respond to a Cyber Breach: PREPARE

Posted by Mike Grant, Director, Technology Practice on October 10, 2016 at 10:00 AM

iStock_000028035880Large.jpgThanks to a number of high profile cases of cyber theft, many companies are aware of the threat of a cyber or data breach. Most know that it’s no longer a matter of “if” but “when” they will get hit. After all, every company has information hackers can profit from such as stolen identities, credit card information or proprietary secrets, to name a few.

Awareness is one thing but knowing exactly what action to take in preparation for a cyber-breach is another. Some companies, by virtue of their particular industry or best practices are better prepared than others. However, even these firms who have made solid investments in security technologies or who have strong balance sheets still need a plan in place to successfully and quickly recover from a cyber-attack.

We have put together the PREPARE method for addressing a future attack and to minimize the impact when the bad guys do get across your fire wall.


Plan. Preparation begins with an incident response plan (IRP). The IRP should outline the steps to be taken, who is involved and an escalation process.

Reach out. Form an Incident Response Team, which should include members from legal, finance, IT, human resources and communications.

Educate employees. Many breaches result from social engineering schemes that trick employees into providing access to their company’s computer system. Make sure they know what to look for as well as how to report an incident, especially if they are feeling uncertain about any communication received electronically.

Purchase cyber/data breach insurance. Specialty insurance solutions are available to assist companies in responding and recovering from these attacks. Insurance products vary widely and may include breach response costs (legal, forensics, notification, etc.) and defense of legal or regulatory (including PCI) action. Businesses should consult an experienced broker to design a policy that fits its unique needs.

Apply attorney client privilege. When an incident occurs, best practice is to consult with a privacy attorney for guidance and to protect the findings of the investigation.

Research your External Response Team. Many of the cyber/data breach insurance policies require the use of certain breach response providers (legal, forensics, notification, etc.). Before selecting outside specialists, confirm that your insurance policy will recognize them and reimburse you for those costs.

Evaluate your IRP. Every IRP should be practiced so that you can make the adjustments necessary to effectively respond when an incident occurs.

Although it might feel premature or uncomfortable to plan to recover from a breach, the value of investing in this type of preparation significantly outweighs the cost of a data breach should you have no strategy in place. Following the PREPARE method will help your company develop a solid plan that will considerably lessen a potentially catastrophic impact from a data or cyber-attack.

To learn more about preparing for a data breach or about any of the steps of the PREPARE method, contact

Learn More

Topics: Property + Casualty, Cyber & Data Security

Subscribe to Email Updates

Top Posts

Follow Us