The critical role of Incident Response Plans in mitigating cyber risks
The Asia-Pacific (APAC) region has emerged as a critical hotspot for cybersecurity threats, with organisations experiencing an average of 2,510 cyberattacks per week in Q2 of 2024 alone [1]. This alarming trend underscores the growing complexity and frequency of cyber incidents across the region. Two key factors are accelerating this rise: the proliferation of AI-powered threats and a significant shortage of skilled cybersecurity talent. Together, they are widening the region’s vulnerability landscape and challenging traditional approaches to cyber risk management.
A 2024 online survey commissioned by Cloudflare polled a total of 3,844 cybersecurity decision-makers and leaders at organisations in 14 markets across the Asia-Pacific region to understand the threat landscape facing Chief Information Security Officers (CISOs) and their teams. Of the respondents, 41% indicated experiencing a data breach in the past 12 months, with 47% indicating experiencing more than 10 data breaches. This spotlights the escalating severity of cyberattacks and reinforces the urgent need to implement robust cybersecurity measures and comprehensive cyber insurance coverage to mitigate risks and potential losses.
The essential key to an organisation’s cybersecurity resilience is its ability to respond to a cyber incident. According to IBM’s 2024 Cost of a Data Breach Report, organisations with robust Incident Response (IR) planning and testing saved $1.49 million per data breach compared to those with low or no IR planning and testing [4]. This underscores the critical importance of having a well-defined and regularly reviewed IR plan to ensure operational readiness and minimise the impact and costs associated with potential data breaches.
For anyone contemplating their third-party IT supplier risk management, this is an excellent opportunity to review their own incident response playbooks and include this scenario alongside the growing list of scenarios such as ransomware, data breaches, denial-of-service attacks and system failures, so as to be better prepared.
Here are some key pillars of incident response to consider.
Key phases of an effective incident response plan
An Incident Response Plan (IRP) is essential for organisations to effectively manage cyberattacks, minimise damage, and ensure business continuity, enabling a quick, coordinated response to cyber incidents, and protecting both operations and reputation.
1. Preparation
Preparation forms the foundation of any robust IRP. You need to consider how you are conducting risk assessments to identify potential threats. How often are you training stakeholders on their roles during a cyber incident, and establishing clear response protocols for handling various situations via tabletop simulations or even cyber ranges?
2. Detection & analysis
Early identification is crucial in minimising the impact of a cyberattack. How quickly can you detect incidents before they happen, using monitoring tools, threat intelligence and the like? Once an incident is detected, how long will it take you to mitigate it and the likely subsequent damage?
3. Containment, eradication & recovery
Should an attack go undetected and an incident happen, the post-breach response must kick in immediately. The incident has to be triaged to identify the kind of attack and select the appropriate playbook in order to contain and limit the breach’s spread. This also involves eradication to remove the root cause, and recovery to restore operations while ensuring systems are securely returned to normal without further vulnerabilities.
At this juncture, a cyber insurance panel for insureds can be activated to support your internal team until the company and operations are brought back to business as usual. You should therefore review your company’s internal capability to identify and remove the root cause as part of creating business continuity, considering the restoration objectives and timelines needed to limit post-breach impact on the bottom line.
4. Post-incident review
Following the crisis, as best practice, businesses go into learning mode to ensure that they are better prepared for the next attack. Here you must conduct a thorough post-incident review to evaluate what went wrong, identify improvements, and refine response strategies. The improvements should be prioritised and scheduled. Reporting should be made to the risk committee/board to ensure that structured improvement has been put in place to meet future breaches.
The role of cyber insurance in incident response
As outlined above, cyber insurance plays a vital part in incident response for any company in APAC and beyond, particularly in the containment and recovery stage, where it provides a panel of ready experts covered under your cyber policy, in areas such as the following:
- Forensic investigations: Cyber insurance covers the costs of forensic investigations, helping businesses identify the cause of the breach and assess its full impact. This enables quick remediation efforts while providing valuable insights to strengthen future defences.
- Legal fees: Legal expenses can escalate quickly during a cyberattack, particularly when navigating regulatory compliance and potential lawsuits. Cyber insurance covers these costs, ensuring businesses meet legal obligations and mitigate non-compliance risks.
- Business interruption losses: Operational downtime during a cyber event can lead to significant revenue loss, but cyber insurance compensates for these interruptions, helping businesses recover lost income and restore normal operations more quickly.
- Crisis communications: Managing communications with stakeholders, customers, and the public is crucial during a cyber incident, and cyber insurance provides financial support for crisis communications, helping businesses protect their brand reputation and maintain trust.
Enhancing your IRP and cyber insurance policy usage
When considering cyber insurance to bolster your IRP, there are a number of best practices which must be put into play. At Howden, we follow through with these essential practices by:
- Proactively preparing clients by walking them through a proper onboarding process with insurers and internal remediation teams. This will help ensure an existing IRP is properly integrated with the cyber insurance policy activation process.
- Leveraging a partner platform to create a tailored process that knits together the policy SOP, the existing IRP and people, aligned with your unique threat models. This platform helps to train and drill cross-functional crisis management teams and to adapt the IRP playbook accordingly.
Building cyber resilience with cyber insurance for business continuity
A robust cyber resilience strategy is no longer optional but rather a critical necessity for businesses in today’s evolving and increasingly complex digital threat landscape. By integrating comprehensive cyber insurance into their incident response plan, businesses not only safeguard themselves against immediate financial risks but also enhance their ability to recover swiftly, maintaining continuity and protecting their reputation. Proactive preparation and collaboration with cybersecurity and insurance experts ensure long-term stability and a more resilient future, empowering organisations to navigate the complexities of cyber threats with confidence.
Sources
[1] Check Point Research Reports Highest Increase of Global Cyber Attacks seen in last two years – a 30% Increase in Q2 2024 Global Cyber Attacks. Check Point (2024). https://blog.checkpoint.com/research/check-point-research-reports-highest-increase-of-global-cyber-attacks-seen-in-last-two-years-a-30-increase-in-q2-2024-global-cyber-attacks/
[2] APAC survey offers a glimpse of the H2 2023 – H1 2024 threat landscape. CybersecAsia (2024).
[3] IBM: Data breach cost in ASEAN hits new high. ComputerWeekly.com (2024). https://www.computerweekly.com/news/366612788/IBM-Data-breach-cost-in-ASEAN-hits-new-high
[4] #ISC2Congress: Addressing Weak Incident Response Plans. ISC2 (2024). https://www.isc2.org/Insights/2024/10/ISC2Congress-Addressing-Weak-Incident-Response-Plans