Incident Response Plan Guide

Introduction

As your Cyber Risks insurer (Agile Underwriting Services Pty Ltd), we have collated some information to improve your company’s security readiness. Incidents do occur and there is only so much that can be done to prevent them. Improvement in readiness will help you to recover more quickly and minimise the cost to your business.

Cyber security management is a complex topic and investment into protection (e.g. firewalls, anti-malware, and other intrusion detection systems) can be expensive. The level of investment should be commensurate with the level of potential exposure to your business. This document is NOT a “how to” cyber security guide. This is a common sense guide on what basic business steps can be taken to be better prepared.

Notifiable Data Breach (NDB)

The Office of the Australian Information Commissioner – OAIC has mandated reporting of data breach on personal privacy data under the Notifiable Data Breach (NDB) scheme since February 2018. They have published a guide on preparation and response to data breach here. We encourage all our policyholders to take advantage of the guidance and share with us your incident response plan. The information in the response plan will greatly assist our panel of claims experts assigned to assist with the handling of your claim and accelerating your recovery process. It will inform our experts in:

Determining the extent and materiality of the data breach
The effectiveness of the containment effort against the cyber attack
Perform targeted forensic analysis to identify and eradicate attackers from your systems
Facilitate rapid recovery of your system to return your business operation to normality

Incident Response Plan (IRP)

The incident response plan should contain the following minimum elements:

An inventory of current asset (information, data, equipment, network, facilities etc) covered by the IRP
Process for detection and confirmation of data breach
Process for notifying Cyber Insurers, see policy notification requirements
Implementation process (as per the OAIC guide)
1. Contain the data breach
2. Assess the data breach
3. Notify impacted parties and/or appropriate authorities
4. Review the incident and initiate preventative measures

If your business uses cloud based services such as Gmail, Saleforce.com, MYOB Cloud, Xero etc, the incident response plan should address these services with all the current contract information so that our panel of experts can engage these cloud service providers effectively on your behalf to contain and repair any damage associated with these cyber-attacks.

The OAIC guidance has made it clear the importance of defining the escalation and notification process. This information would be very useful to our team in assessing and processing your claim request. Page 18 (see expert below) in the OAIC guide provides a quick checklist for other elements in the response plan.

Information to be included in the IRP	Yes	No
What a data breach is and how staff can identify one	Yes	No
Clear escalation procedures and reporting lines for suspected data breaches	Yes	No
Members of the data breach response team, including roles, reporting lines and responsibilities	Yes	No
Details of any external expertise that should be engaged in particular circumstances	Yes	No
How the plan will apply to various types of data breaches and varying risk profiles with consideration of possible remedial actions	Yes	No
An approach for conducting assessments	Yes	No
Processes that outline when and how individuals are notified	Yes	No
Circumstances in which law enforcement, regulators (such as the OAIC), or other entities may need to be contacted	Yes	No
Processes for responding to incidents that involve another entity	Yes	No
A record-keeping policy to ensure that breaches are documented	Yes	No
Requirements under agreements with third parties such as insurance policies or service agreements	Yes	No
A strategy identifying and addressing any weaknesses in data handling that contributed to the breach	Yes	No
Regular reviewing and testing of the plan	Yes	No
A system for a post-breach review and assessment of the data breach	Yes	No
A system for a post-breach review and assessment of the data breach response and the effectiveness of the data breach response plan	Yes	No

Once you have completed the checklist

Once you have completed your own IRP, ask Agile or your broker about our Dynamic Excess Endorsement to get up to 50% of your Policy excess back if you make a claim.

Download the IRP checklist as a PDF

Documents

Making a claim

Read our guide to claiming to ensure a smooth process and you can make a claim online here.