Given the increased threat of cyber-attacks facing organizations today, it’s not only important to have protections in place to prevent attacks, but also make sure you’re prepared if the worst actually happens. Having an incident response plan is an important first step, but frankly it’s not enough. You don’t want the first time you need your response plan to be the first time you use it. Running periodic incident response simulations is therefore a must. 

Here are some steps you can take to perform your own incident response simulation: 

Review Your Plan 

  • Identify a response team. Make sure a you’ve designated a team to respond to any incidents and that every member knows their role within the overall response procedure. 
  • Conduct an inventory of your data. Make sure you know where your data is and what types are most sensitive. If you collect personally identifiable information or personal health information, for instance, you’ll definitely want to know where to find it in the event of a breach. 
  • Know what regulation and contractual requirements will govern your response. This often entails prompt notice of a breach to certain entities outside your organization. Insurance carriers, forensics teams, states attorney generals, and clients might need to be notified should something happen. Moreover, regulations vary from state to state and country to country, so it’s important to understand where your clients are located in order to know how to respond accordingly.  
  • Know who you need to contact that is outside of the organization.  Your insurance carrier?  Forensics?  Clients?  The FBI?  Make sure those contacts are documented so you do not have to hunt for them when the malware hits the fan.

Run Through a Scenario 

  • Malicious insider action, breach of sensitive data, host application compromise, denial of service attack; lost or stolen IT assets, and ransomware attack. are all examples of possible scenarios you could face. Of course, not all organizations will be vunerable to the same types of incidents, so take some time to identify the scenarios that could responsibly happen to you.  
  • Bring your response team together and walk through what steps need to be taken for every possible scenario, and make sure everyone know who will be responsible for what.  
  • After a run-through, note any questions or issues what need to be resolved. For example, are you unable to know if your backup works because they haven’t been tested? Are you capable of identifying exactly what data was exposed? Do you need a retainer for a forensics company to ensure prompt help? Comb through every detail and make sure every question is answered.  

Rinse and Repeat 

You’re probably not going to nail the response on your first try. That’s why it’s important to keep practicing these simulations until you feel confident that you and your team will be ready to respond quickly and effective should the worst happen.  


Doing simulations can actually help save costs in the event a breach occurs. According to The Ponemon Institute’s 2017 Cost of Data Breach Study, a fully functional response teams save on average 14% of total data breach costs, and fast responses to a breach can save up to 26% of response costs. Taking the time now to make sure you’re prepared can save time, money, and your reputation. 

Share This