Keys to Success in Cyber Incident Response


The questions about cyber incident response remain the same every year—but the answers change! We are constantly learning new things about the best and most effective ways to respond to cybersecurity incidents. Proper response can save a company’s reputation, money, resources, and time. It can also prevent or limit liability in follow-on litigation or government investigations. In this presentation, we review the latest developments on how to be successful in incident response, using updated information.

Key Takeaways

  • Document how you first knew about the incident within the first 72 hours. In incidents that become the subject of regulatory action and litigation, one of the key questions that arise is, “How did we come to know about this?” 
  • Communication is key during a cybersecurity incident. Practice the logistics of reaching your incident response team.
  • All members of the incident response team should understand the importance of privilege and how it can be preserved during a response.
  • If outside experts are a part of the incident response team, counsel should be engaged in those conversations.
  • Always think about your insurance company. Understand the legal obligations to report and keep them apprised as the response progresses. They can be a great partner during the process. 

Note: This presentation was one of the most popular in the 2019 Technology May-rathon webinar series.