Incident Response Plan Development

Today, you learn your company is experiencing a serious cyber incident. It could be a ransomware attack, a hacked O365 email account, the theft of PII or PHI, or data exposure from misconfigured network settings. What is the first step you should take?

If a company has a detailed cybersecurity incident response plan (IRP) in place, it will be prepared to act promptly and effectively to protect its network, operations, and reputation. Whether a client wants to validate its existing IRP or develop its first plan, Kroll's experts can help.

Unrivalled Insight Built into Every Incident Response Plan

With a team of cybersecurity experts who respond globally to thousands of incidents each year, Kroll knows the risk landscape and has seen the value of being prepared.

When helping clients develop or validate an IRP, our methodology integrates our experts’ front-line experience investigating persistent and emerging cyber threats with recognised industry security standards, including the NIST Cybersecurity Framework and CIS Controls™, while also considering a client’s unique needs and concerns as well as any local, regional or industry regulations.

Our IRP support covers several key areas including:

  • Assembling the incident response team (IRT).
    Every organisation should have subject matter experts and key resources identified and in place to ensure coverage of specific incident-related issues.
  • Assigning IRT responsibilities.
    An effective response plan will outline the role of everyone on the IRT and ensure their responsibilities are clearly defined.
  • Outlining technical protocols.
    The immediate impulse for most technical teams is to try to resolve an issue before escalating it, but this often results in the loss of crucial evidence, which has hurt many organisations. Our experts provide guidance on the procedures for IT and security teams to follow when an issue is detected, including when to escalate the situation.
  • Determining authority to call an incident.
    An IRP should also include protocols for informing senior management, external partners like outside counsel and insurers, and regional or industry-specific regulators.
  • Establishing communications procedures and responsibilities.
    During a crisis, reliable communication is essential. Our incident response experts help organisations determine how the IRT will communicate if corporate email is no longer secure or becomes inaccessible due to ransomware. We also help clients identify and assign responsibility to specific team members for communication with external parties, including outside counsel, insurance providers, regulators, law enforcement, and media outlets.
  • Gathering and documenting pertinent information. 
    Kroll's experts help clients compile information that will become essential in the event of an incident. This typically includes technical diagrams and schematics and detailed contact information for key resources such as:
    • IRT members and any alternates
    • Internal stakeholders (e.g., board members, management, and legal counsel)
    • Outside vendors or providers of specialty services (e.g., investigations, forensics and remediation, breach notification, crisis communications, and cyber insurance)
  • Setting a review and testing schedule.
    An IRP should not be considered a one-and-done exercise. Kroll helps clients develop a system and schedule for continual IRP updates and regular testing, depending on the complexity of the organisation and its data security needs.

Call for an Incident Response Plan Consultation Today

Having a robust IRP in place not only provides practical guidance to team members, it also signals to regulators, customers, investors, and other important stakeholders an organisation’s commitment to proactively addressing cyber threats. Take advantage of Kroll's extensive experience and expertise in responding to cyber incidents and be better prepared to respond to a cyberattack. For more information on developing a new incident response plan or testing and validating an existing plan, contact us today. 

Talk to a Cyber Expert

Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.

Kroll Responder MDR

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Incident Response Tabletop Exercises

Kroll’s field-proven incident response tabletop exercises provide a customised test of every aspect of an organisation’s cyber response plan.


Optimised Third-Party Cyber Risk Management Programmes

Manage risk, not spreadsheets. Identify and address cyber threats in third-party relationships to ensure compliance with regulations such as NYDFS, FARS, GDPR, etc.

Third Party Cyber Audits and Reviews

Kroll’s cyber audits and reviews ensure third parties handle sensitive data according to regulatory guidelines and industry standards.

FAST Attack Simulation

Safely perform attacks on your production environment to test your security technology and processes.