The critical role of Incident Response Plans in mitigating cyber risks

Singapore’s status as Asia’s leading business hub makes it a prime target for cybercriminals. In 2024, it ranked 8th globally, with cyberattacks nearly doubling from 11 million in 2022 to over 21 million, according to Kaspersky [1][2]. This escalating threat landscape not only jeopardises individual businesses but also poses risks to regional operations across the Asia-Pacific.

21 million+: Cyberattacks in 2024 originating from compromised servers in Singapore

S$4.34 million: Average cost of data breach in Singapore in 2024

The financial consequences are severe, with the average cost of a data breach in Singapore reaching S$4.34 million (US$3.33 million) in 2024 [3], a 7% increase from the previous year. Beyond financial losses, businesses now face regulatory penalties for non-compliance with Singapore’s Personal Data Protection Act (PDPA) [4] and Monetary Authority of Singapore (MAS) requirements.

Recognising the urgent need for cyber resilience, the Financial Sector Cloud Resilience Forum [5], led by MAS, conducted a first-of-its-kind crisis management tabletop exercise simulating a disruptive public cloud incident across financial sectors in the region. The exercise highlighted the vulnerabilities of cloud-dependent industries and revealed the critical need for robust incident response plans to safeguard them.

For anyone contemplating their third-party IT supplier risk management, this is an excellent opportunity to review their own incident response playbooks and include this scenario alongside the growing list of scenarios such as ransomware, data breaches, denial-of-service attacks, and system failures, so as to be better prepared.

Here are some key pillars of incident response to consider.

Key phases of an effective incident response plan

An Incident Response Plan (IRP) is essential for organisations to effectively manage cyberattacks, minimise damage, and ensure business continuity, enabling a quick, coordinated response to cyber incidents, and protecting both operations and reputation.

1. Preparation

Preparation forms the foundation of any robust IRP. You need to consider how you are conducting risk assessments to identify potential threats. How often are you training stakeholders on their roles during a cyber incident, and establishing clear response protocols for handling various situations via tabletop simulations or even cyber ranges? 

2. Detection & analysis

Early identification is crucial in minimising the impact of a cyberattack. How quickly can you detect incidents before they happen, using monitoring tools, threat intelligence and the like? Once an incident is detected, how long will it take you to mitigate it and the likely subsequent damage?

3. Containment, eradication & recovery

Should an attack go undetected and an incident happen, the post-breach response must kick in immediately. The incident has to be triaged to identify the kind of attack and select the appropriate playbook in order to contain the breach and limit its spread. This also involves eradication to remove the root cause, and recovery to restore operations while ensuring systems are securely returned to normal without further vulnerabilities.

At this juncture, a cyber insurance panel for insureds can be activated to support your internal team until the company and operations are brought back to business as usual. You should therefore review your company’s internal capability to identify and remove the root cause as part of creating business continuity, considering the restoration objectives and timelines needed to limit post-breach impact on the bottom line.

4. Post-incident review

Following the crisis, as best practice, businesses go into learning mode to ensure that they are better prepared for the next attack. Here you must conduct a thorough post-incident review to evaluate what went wrong, identify improvements, and refine response strategies. The improvements should be prioritised and scheduled. Reporting should be made to the risk committee/board to ensure that structured improvements have been put in place to meet future breaches.

The role of cyber insurance in incident response

As outlined above, cyber insurance plays a vital part in incident response for any company in APAC and beyond, particularly in the containment & recovery stage, where it provides a panel of ready experts covered under your cyber policy, in areas such as the following:

  • Forensic investigations: Cyber insurance covers the costs of forensic investigations, helping businesses identify the cause of the breach and assess its full impact. This enables quick remediation efforts while providing valuable insights to strengthen future defences.
  • Legal fees: Legal expenses can escalate quickly during a cyberattack, particularly when navigating regulatory compliance and potential lawsuits. Cyber insurance covers these costs, ensuring businesses meet legal obligations and mitigate non-compliance risks.
  • Business interruption losses: Operational downtime during a cyber event can lead to significant revenue loss, but cyber insurance compensates for these interruptions, helping businesses recover lost income and restore normal operations more quickly.
  • Crisis communications: Managing communications with stakeholders, customers, and the public is crucial during a cyber incident, and cyber insurance provides financial support for crisis communications, helping businesses protect their brand reputation and maintain trust.

Enhancing your IRP and cyber insurance policy usage

When considering cyber insurance to bolster your IRP there are a number of best practices which must be put into play. At Howden, we follow through with these essential practices by:

  1. Proactively preparing clients by walking them through a proper onboarding process with insurers and internal remediation teams. This helps ensure an existing IRP is properly integrated with the cyber insurance policy activation process.
  2. Leveraging a partner platform to create a tailored process that knits together the policy SOP, the existing IRP and people, aligned with your unique threat models. This platform helps to train and drill cross-functional crisis management teams and to adapt the IRP playbook accordingly.

Building cyber resilience with cyber insurance for business continuity

A robust cyber resilience strategy is no longer optional but rather a critical necessity for businesses in today’s evolving and increasingly complex digital threat landscape. By integrating comprehensive cyber insurance into their incident response plan, businesses not only safeguard themselves against immediate financial risks but also enhance their ability to recover swiftly, maintaining continuity and protecting their reputation. Proactive preparation and collaboration with cybersecurity and insurance experts ensure long-term stability and a more resilient future, empowering organisations to navigate the complexities of cyber threats with confidence.

1 https://securitybrief.asia/story/singapore-reports-record-cyberattacks-in-southeast-asia-2024
2 https://sbr.com.sg/information-technology/news/singapore-southeast-asias-leading-source-cyberattacks
3 https://techwireasia.com/2023/07/cost-of-a-data-breach-for-asean-businesses-hits-record-high/
4 https://captaincompliance.com/education/pdpa-singapore-checklist/
5 https://www.mas.gov.sg/news/media-releases/2024/first-cloud-resilience-crisis-management-exercise-by-apac-financial-regulators-and-cloud-providers

Howden brokers
