Do you have a rehearsed cyberattack response plan?

Companies need to create and rehearse an incident response plan to avoid late intervention during a cyberattack, according to panellists speaking at a conference in Toronto last week.

Ruth Promislow encourages companies to have a rehearsed incident response plan and to look into their cyber-insurance coverage to make sure they have what they need.

 

In the face of a breach, there’s no time to think about what to do or who to call, said Ruth Promislow, a partner at Bennett Jones LLP, speaking about the importance of early intervention during a panel on risk management and insurance claims following a cyberattack.

 

The Cyber Risk Summit, put on by NetDiligence, took place Feb. 23.

 

Promislow said it is important for companies to look at their cyber-insurance and ask if they’re properly covered.

 

“When you have this coverage, engaging your insurer immediately is helpful in that you have access to the panel of experts that they provide. In the face of a breach, there’s really no time to think about what you need to do and who you need to be calling. That’s why you need a well-rehearsed incident response plan,” said Promislow. “I say rehearsed because you should be rehearsing it and engaging in tabletop exercises and you need to be engaging those experts.”

 

Tabletop exercises are scenarios that mimic what a breach would feel like to the company.

 

Promislow advised organizations to tailor their coverage and obtain cyber-insurance that covers the most relevant risks.

 

“There’s not sort of this catch-all of you’re covered for every single contingency under the cyber-umbrella,” she said. “What it underscores is the importance . . . of understanding for this organization what [is] the scope of risks and vulnerabilities that this specific business faces, what are the assets they’re trying to protect, where are the potential gaps in their system and then obtain the insurance that covers the risks that [they] think are the most prevalent.”

 

Promislow said it can come as a big surprise to companies when they find out that their insurance doesn’t actually cover them for the specific situation they’re facing.

 

“There’s no such thing as coverage for all things cyber,” she said.

 

When it comes to actually reporting a claim to the insurance company, it’s important to know the difference between a breach, an event and an incident, said Queen’s University’s information security officer Denise Ernst.

 

“Particularly in a large organization, there is every day and every hour . . . events that are happening,” she said.

 

Ernst said companies don’t want to always be on the phone with their insurance companies.

 

“Disclosure and transparency is extremely important, but we have to keep in mind how much do you want to know, how often do you want to know it and having that knowledge what does it do . . . to the insurance,” Ernst said.

 

Catherine Hagerman, manager of insurance and risk management at Queen’s University, said it’s important for companies to really consider what they report to the insurance company after a breach.

 

“Sometimes, people jump and say I better advise my insurer right now [that] we’ve had a breach, but you want to be careful that the timing of this is right as well because, once you start notifying, you have to notify everyone,” she said. “You need to really understand the breach itself, how far-reaching it is, how critical it is, so that you can make sure that when you are advising, you are advising correctly and then you just proceed from there.”
