What is a cyber incident?

The first documented cyberattack was launched by a college student, Robert Morris, who had programmed the Morris worm. It spread rapidly via computers nationwide that slowed down the military, universities, and research centers. The worm showed the impact a cyber incident can have without an incident response plan. 

Cyber incidents, like the Morris worm, have grown in size and frequency. But hackers, worms, viruses, and malware aren’t the only cause of cyber incidents. A cyber incident is defined broadly as an action or event that has an adverse effect on a system, a network, or the data that resides on them. A majority of cyber incidents are caused by human error. A poorly tested system update or a misconfigured network device can lead to unexpected system behavior and cause a widespread cyber incident. A large-scale example of this is Facebook’s recent power outage in 2021, where their systems failed and were down for 6-7 hours, according to Wikipedia. Cyber incidents like the Facebook outage can have adverse effects when they occur. According to Adecco, a talent advisory and solutions company, “one company watched their revenge plunge 70%. Another company saw their sales slip 30%”, during the Facebook outage. Cyber incidents don’t just affect the company experiencing it, but clientele as well. 

Whether you’re a small business, large cooperation, or individual, everyone is vulnerable to cyber incidents. The Associated Press-NORC Center for Public Affairs Research found, “9 in 10 Americans are at least somewhat concerned about hacking that involves their personal information, financial institutions, government agencies or certain utilities.” Cyber incidents are a growing concern for anyone, and depending on the size and scale of a cyber incident it might lead to a minor nuisance or disrupt an entire industry. You just don’t know ahead of time, and the stakes are too high to risk getting it wrong. 

How cyber incidents affect your business 

Cyber incidents are destructive. Regardless of the size and standing of a business, a cyber incident is always a lurking threat. When the threat materializes, it can cause loss of data, damage to brand reputation, disrupt daily operations, and more. According to a report by IBM, data breaches in 2021 resulted in the loss of business and cost on average $180 per record of personally identifiable information (PII) that was leaked to the public. That might not sound like a lot on the surface, however, when you do the math, a breach affecting just 100 records would cost a business $18,000. And even very small businesses will typically have data on more than 100 customers. 

Cyber incidents are costly, and they can hurt your bottom line in multiple ways. One of the most significant and lasting impacts of a data breach is the resulting loss of brand loyalty. According to studies, when a business suffers from a data breach, 70% of users will stop using the service. Adding onto that, 60% of small businesses close within six months of being hacked. So, not only can one cyber incident result in unexpected expenses or decreased customer retention, but it can irreparably harm your business. That is why it’s important to anticipate and plan for cyber incidents. So that when one occurs, you have a plan in place to minimize your losses. 

The importance of having a cyber incident response plan 

“The time to prepare for a disaster is before it occurs” – Stephen Matheson, Vice President of Product and Sales at BridgeHead Software. 

It’s critical to implement a cyber incident response plan before a disaster occurs. No matter the size of your business a cyber incident can strike at any moment. You’ll want to be prepared to mitigate the negative, costly effects. Before you think, “it couldn’t happen to me”, or “I’m too small to be targeted”, consider that 350,000 new malware programs are created every day according to AV-Test. It’s safe to assume that at least one malware program could hit your business through a phishing email, hacked hardware, an infected URL, and other means. As a result, it could cause unnecessary downtime, data loss, expenses, and more. 

A cyber incident response plan pays for itself the first time it’s used. The faster and more organized your response is to a cyber incident, the less downtime, data loss, or leakage you’re likely to experience.  The only real cost of a plan is the time and effort that goes into creating and maintaining it.  

Benefits of having a cyber incident response plan:

  • A coordinated, orderly response:
    • A plan ensures that every person with a role in cyber incident recovery is aware of their responsibilities, which experts to call upon (e.g. legal, PR, insurance, IT, etc.), and the steps necessary to contain the event, preserve evidence, and comply with laws and obligations. 
  • Faster recovery, less downtime 
    • An organized recovery is a faster recovery, and that means less downtime, lower out-of-pocket costs, and fewer mistakes during the investigation, evidence gathering, and service rebuild. 
  • Protect brand reputation
    • Brand reputation is critical to customer retention. According to Oberlo, 81% of consumers said they need to trust a brand before buying from them. A response plan can build a good brand reputation because clients can rely on your business to keep their sensitive data safe. 

What do I need for a cyber incident response plan? 

Failing to plan is planning to fail. A business that lacks a solid incident response plan can suffer losses, such as downtime and loss of revenue, that could easily disrupt or shut your business down. So, cyber incident response plans are essential for the continuity of any business. Not all response plans are one and the same, however, as different businesses will require a different set of needs. Though the plan may not be the same for every business, there are basics for what you need to include in your plan. 

1. Know the Necessary Steps to Include

  • Contain the incident
    • Cyber incidents are of no surprise and can occur at any moment. When a fire occurs, there are efforts to contain the fire so it does not spread and cause more harm. Similarly, a response plan must contain the incident to prevent further damage to others parts of your business. 
  • Mitigate the harm
    • Downtime is a common and harmful consequence of a cyber incident. It can cause businesses to lose valuable resources, but this can be reduced by making sure your business can still operate while managing the incident. Being able to still operate while managing the incidents can help keep your business running, be able to still serve customers, and preserve resources. 
  • Collect and preserve data
    • A cyber incident investigation requires many steps to prevent harm or soften the blow of the incident. Another step is you’ll need to work with outside parties as the investigation is being occurred. This is because outside parties may need certain information, could be negotiating with the hackers and must inform you, and more. 

2. Know the Elements of a Strong Plan

  • Identify decision-makers who will manage legal, PR, Mitigation, and act as a Liason. 
  • How to contact critical personnel (day and night), and what to do when they’re unavailable
  • List mission-critical data, assets, networks, or services to receive priority focus. 
  • List of outside service providers you may need during an incident and how to contact them
  • Where to obtain incident response services, if needed
  • When and how to restore backed up data (and assess its integrity before restoring)
  • When and how to notify or engage law enforcement or other government entities
  • Criteria to determine when/if data owners, customers, or partners would be notified. 

3. Once you Have a Solid Plan

  • Familiarize yourself with the plan
    • It’s important to know the ins and outs of your incident response plan. Familiarizing yourself with your plan will help you understand what is in your plan, how to execute it properly, and when to implement the plan.
  • Create a hard & electronic copy of the plan
    • During an incident, the entirety or integrity of your electronic systems may be down, so it’s important to create a hard copy of your plan. Creating a hard copy will ensure that you can counteract an incident no matter if your systems are down or not. 
  • Review and practice the plan annually
    • Reviewing the plan annually will help you to always be prepared to respond to an incident. Practicing the plan with help you to know how to respond to an incident, whatever it may be.

4. Test the Plan

  • Testing a plan is a great practice to ensure that your plan works. It will also reveal any gaps that are within your plan, so you can remedy those gaps to strengthen your plan. You can test your plan by doing a tabletop walkthrough with your employees, in which they are verbally walked through the plan step-by-step. Another way to test the plan is by simulating an incident and enacting the plan to be sure it works efficiently in a real-world situation. 


Cyber incidents are not uncommon, especially in a world where technology is constantly evolving. They can cost a business loyal customers, money, time, and plenty of other valuable resources that can damage a business or put it out for good. It’s important to have a good incident response plan that is practiced and reviewed annually to prevent as much harm to your business as possible. This will keep your business secure, strong, and able to stand against any incident.