A designated cyber incident response team is a critical aspect of a corporate cybersecurity plan. Acting quickly on a detailed cybersecurity incident plan is essential to stem the fallout from a data breach, and a well-versed crisis response team is best suited to do so.
A corporate incident response plan should include a designated response team, senior management involvement and “should be practiced before a major event occurs.” The purpose of a response team is to “consolidate and coordinate all communications internally as other departments, such as legal and information technology, become involved,” according to Ethan Harrington, director of insurance and risk management at H&R Block Inc. in Kansas City, Missouri.
Experts say that a risk manager should head up the team, but the company’s chief information security officer should be present, as well as someone from the accounting or finance department to track costs. Teams should be well versed and trained to respond to a data breach because “the whole point of the plan is to have thought about this ahead of time and to have identified scenarios where you might need to have a team ready to go,” says Molly McGinnis Stine, a partner at law firm Locke Lord L.L.P. in Chicago.