Develop an incident response plan

Small and Medium Organizations: Develop an incident response plan

According to Statistics Canada’s 2018 survey of Canadian enterprises, almost 20% of small enterprises and 30% of medium enterprises experienced a cyber incident in 2017. The survey found that 87% of respondents did not have a written policy to manage or report cyber security incidents. The results of the survey demonstrate that small and medium organizations need to be diligent and develop an incident response plan.

What is an incident response plan?

The Cyber Centre defines a cyber incident as any unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource. Some examples of cyber incidents are phishing, ransomware, and Distributed Denial-of-Service (DDoS) attacks.

An incident response plan ensures that your organization is prepared to detect, respond to, and recover from a cyber incident. The goal is to recover as quickly as possible. An effective plan limits disruptions to internal services, clients, and partners, and reduces data loss and reputational damage.

A written incident response plan ensures that responders are ready to carry out the necessary tasks to deal with an incident. It should:

  • Specify the roles and responsibilities of those involved in the response
  • Provide contact information for everyone involved in response activities
  • Provide detailed instructions on handling common incidents
  • Specify actions required for mandatory incident reporting

Due to a lack of monitoring, many cyber incidents go undetected for a long time, resulting in more complicated and costly recoveries. Your organization should consider implementing a solution for detecting, monitoring, and responding to incidents. For example, solutions may include security information and event management (SIEM) systems.

In addition to liability coverage, your organization should also consider purchasing a cyber security insurance policy that covers incident response and recovery activities.

Recommendations for your organization:

  • Develop a written incident response plan with detailed responsibilities
  • Consider purchasing a cyber security insurance policy that includes coverage for incident response and recovery activities, as well as liability coverage
