The importance of a cyber incident response plan

The term ‘cyber incident’ refers to an event where unauthorised access to a computer system or network has occurred. Examples include hacking, phishing and malware attacks.  A ‘data breach’ is the unauthorised disclosure or leakage of data, which is a more specific and tangible consequence of cyber incidents. Data breaches can occur due to cyberattacks or human error.

Posing a threat to both the private and public sectors, cyber incidents can have far-reaching consequences and carry an immense cost. In order to counteract the possibility of such attacks, data management and cybersecurity needs to be taken seriously by organisations.

The cost of being unprepared

In addition to the immediate financial implications of being unprepared for a cyber incident - including legal fees, regulatory fines, and potential lawsuits – organisations that fail to take the threat seriously can also face long-term damage to their reputation and customer trust.  Internally, data breaches require a lot of time and effort to coordinate and remedy. Externally, they erode the confidence that customers, partners, and the public have in the organisation where the breach has taken place. Worse still, such incidents can also impact individuals’ health and safety.

There has been a recent surge in cyberattacks and data breach incidents in the Hong Kong Special Administrative Region (SAR). In January, the University of Hong Kong was reported to have experienced a data breach where the personal data of as many as 7,400 students, academic visitors and programme applicants may have been leaked. Hong Kong business park Cyberport also experienced a data leak recently when an international hacking group infiltrated their system and stole up to 400GB of confidential documents. The hackers demanded a ransom, which Cyberport refused to pay and, as a result, the data was eventually leaked on the dark web. According to various reports, the leaked information included Cyberport’s financial reports, loan status, and employee data. This incident generated widespread discussion and debate, and reminded the public how vulnerable we are as we learn to adapt to the digital space.

Rebuilding trust and recovering from reputational damage takes time and resources. That’s why investing in proactive measures and having a robust cyber incident response plan is not just a matter of security, but a critical business strategy that can substantially minimise and contain the impact of a breach.

Developing a cyber incident response plan

A comprehensive cyber incident response plan helps ensure breaches are effectively managed, determining, in advance, a strategy for identifying, containing, assessing and managing the impact brought about by the incident from start to finish.

To discharge their cybersecurity obligations, companies will need to take into account the laws and regulations specific to their jurisdictions. In addition to laws and regulations, guidance notes and best practices published by reputable industry associations and standard organisations can serve as valuable benchmarks for companies, providing practical recommendations and industry-specific insights on how to enhance cybersecurity practices.

Co-written by Sara Chan of Pinsent Masons