Preparatory and Response Measures for Cybersecurity Incidents
Roschier’s cybersecurity incident guide below gives a high-level overview of certain recommended preparatory and response measures for cybersecurity incident situations.
Roschier Recommended Preparatory Measures
Appointment of core response team
- Identification of internal incident response team
- Appointment of external legal and technical advisors
- Engagement of external cyber threat monitoring and response service providers
- Allocation of roles and responsibilities between the core team members
Plans, processes, and due diligence
- Cyber and privacy frameworks, including impact assessments
- Cybersecurity incident response plan and process, including notification strategies
- (Cyber) insurance
- Processes to ensure compliance with regulatory requirements
- Corporate and data protection due diligence
Technical security measures
- Active management of updates and vulnerabilities
- Automatic threat monitoring and detection
- Backups
- Data encryption and pseudonymization
- Network segmentation
- Access control
- Activity logging
Trainings and advisory
- Internal trainings to ensure personnel awareness and capabilities
- Exercises to simulate cybersecurity incident situations and response activities, including tabletop exercises
- Board and core team advisory
Incident Response – The Roschier Way
Detection and mobilization
- A cybersecurity incident is detected by a monitoring service, employee, service provider or other stakeholder
- The core response team is immediately notified and mobilized to commence necessary response and investigation activities according to the incident response plan
- Roschier acts as a key member of the core response team to provide legal and strategic advice, subject to legal professional privilege
First response
- A quick, focused, and documented reaction is key to mitigating potential adverse consequences and escalation
- The core response team takes immediate investigation and mitigation measures to contain the incident, including identification, isolation, and closing of affected devices, systems, and connections
- Roschier provides investigation and response support, advisory and coordination, including identification of personal data breaches and/or unauthorized disclosure of or access to trade secrets or insider information
Notifications and reporting
- Applicable law includes strict obligations for businesses to report cybersecurity incidents to competent authorities or affected individuals
- The core response team identifies notification obligations and assesses whether notifications should also be made to customers, end users, insurance provider, police, media, or other stakeholders
- Roschier assists in notifications and reporting, stakeholder management, communications, forensics and criminal procedures, law enforcement engagement, and realizing insurance recoveries
Investigation
- Thorough investigation and response are needed to establish the scope and implications of the incident in detail and to continuously contain the incident
- The core response team confirms what additional investigation and response measures are needed, implements such measures, and sends out updated reports or notifications
- Roschier continuously advises the client and the core team to ensure completion of investigation and response measures in accordance with the regulatory requirements
Recovery
- Following completion of the investigation and response measures, recovery can be commenced to restore normal business operations
- The core response team leads the recovery actions in a coordinated and structured manner
- Roschier provides recovery support, advisory and coordination
Post-incident review
- Once a cybersecurity incident has been contained and recovery completed, the affected organization should carefully review its security and incident response practices and capabilities to assess their sufficiency and implement any necessary corrective measures.
- How Roschier can help:
  - Thorough evaluation and update of the organization’s cyber incident processes, plans, and capabilities
  - Supplier and customer disputes
  - Data breach claims
  - Contentious regulatory
  - Insurance claims