6. Explain why it is important to have a cyber security incident response plan (AC 2.3)

As we have covered in previous questions, an IRP is like your guide through a difficult time. Your organisation will get attacked or will have some sort of cyber security incident, and having an IRP will make the whole process smoother.

The IRP will help the security teams, as it will tell them what to do, how to do it, and when is the best time to do so. For example, it may outline how to deal with ransomware. Having an IRP will help with responding to the incident much more quickly, as the responders will just follow the steps on the checklist and won't have to think about what to do next, but can instead focus on doing their job. As the old saying goes: "Time is money". It's definitely true when dealing with a cyber incident, as any delays will cost your organisation money. Imagine the incident involves a DDoS attack on your website. This means any revenue that comes through your site is cut off until the incident is resolved. Not only will you lose money, you will suffer reputational damage and, depending on the attack, you may face regulatory fines too. All of this can be prevented, or at least the outcome improved, by having an IRP.

An IRP will help your teams respond in a consistent manner, because they will follow the checklists outlined in the plan. This ensures they won't forget an important part of the plan. This will also help in case regulators or insurers get involved, as they will require evidence that you took the right steps and acted accordingly. Often insurers will help with writing an IRP for you that will satisfy them and comply with their rules.

A good IRP will help you collect and analyse information about the incident. This important information will help you prevent the next incident and help you understand thoroughly how this attack came to be.
