What is a Cyber Incident Response Team
Most cyber insurance policies will make provision for what is known as a cyber incident response team. This will be a group of individuals or companies who will be responsible for effectively managing any cyber security attack or data breach.
Some or all of them may also be involved in some type of project management team, preparing a cyber incident response plan in case such an attack happens.
A cyber incident response team may either be provided by the insurance carrier, by the company or organisation itself, by a third party consultant or by a combination of all of these.
Cyber incident response jobs should be available in all of these categories.
Incident response team members
Data breach investigators
As soon as any data breach or cyber attack is known to have taken place or to be taking place, it is crucial that investigators find out how it happened in order to seal such a breach.
In addition, the entire IT system will need to be checked and restored to full integrity.
This will need the involvement of one or more highly trained cyber security engineers who can oversee this aspect of the recovery plan.
Regulatory involvement
In the event of a cyber attack, it is crucial to establish whether or not a data breach has occurred which would involve the leaking or theft of customer or client information, or any sensitive information relating to the company or third parties.
If this is the case, then anyone affected by such a theft will need to be notified as soon as possible, and any regulatory body that oversees the work of the company will most likely also need to be notified.
Such a regulatory body may have its own regulations about notifying customers, clients or third parties, which will need to be understood and adhered to.
This should be part of a cyber incident recovery plan, so that it can be implemented immediately once the type of data breach has been established.
A legal team
This may be a firm of lawyers, either in-house or external, or counsel employed by the company itself. They will need to be involved in all aspects of the data breach, advising on all the legal implications regarding the breach itself, regulatory involvement, payment of any ransom, and monitoring all the ongoing issues as they happen.
Credit monitoring
If a data breach has affected any third party, especially customers or clients, there is a real risk of identity theft occurring at some point. To this end, clients will be offered access to a credit monitoring system which will help them establish if such a risk exists.
A financial expert who understands credit monitoring systems, and what they can and cannot show by way of information, needs to be part of the team to advise both the company and any individual client who may need their help.
Ransomware payment
It is quite likely that if there is a cyber attack or data breach, it will quickly be followed by a demand for payment of some type. Payment is normally demanded in cryptocurrency, and there need to be people involved in the team who understand how this works.
Companies may or may not decide to pay a ransom if demanded, but they need to make this decision in conjunction with the insurance carrier and their legal team as well.
Reputational damage
Any company or organisation that suffers a cyber attack of any type is likely to suffer some type of reputational damage. This could stem from the attack itself, failure of the company to prevent such an attack or failure to notify customers of the attack in a timely manner.
Any reputational damage can have long term consequences for the organization or business, and it is important to have either a PR company or in-house PR who can manage this effectively.
It is often a good idea to consider an external PR advisor anyway, as any in-house team finds it difficult to be objective about itself, and in this area it is crucial that any reputational damage is minimized and dealt with as soon as possible.
Some recent jobs advertised online (July 2023):
Cybersecurity Incident Response Analyst
- Major Tech and Communications Company – salary range $110000 / $200000
SOC Analyst – Attack Analyst
- Major US based Investment Bank – salary range $110000 – $145000
Cybersecurity Analyst
- Major Transportation Authority – salary range $83000 – $105000