Incident response plans can lessen impact of cyber incidents: Expert

CHICAGO – Having an incident response plan in place can help mitigate disruption and losses in the case of a cyber incident, Anthony Dolce, head of professional liability and cyber underwriting for The Hartford Insurance Group Inc., said Tuesday at the Risk and Insurance Management Society Inc.’s Riskworld 2025 conference.

From ransomware to social engineering to business email compromise, the threat landscape remains virulent. “I don’t think this is a shock to anyone, but the threats are continuing,” Mr. Dolce said. “This translates into a pretty volatile cyber landscape.”

In order to be prepared to respond to any type of attack, a business or organization should craft and have in place an incident response plan, because “those that fail to plan, plan to fail,” Mr. Dolce said.

“You’re seeing more and more education in the industry now where you really do need to have some type of a plan in place,” Mr. Dolce said.

A robust IRP involves a number of different parties. These include the organization’s cyber insurer as well as third-party vendors such as external law firms, data restoration companies and vendors to help with breach notifications, which can number in the thousands and may require specialized, dedicated resources.

Key decision-makers in the company should know about the plan and understand their roles and responsibilities.

“You don’t want to have to call somebody in the C-suite in the middle of the night and have to explain to them what’s required of them,” Mr. Dolce said.

One piece of “old school” advice Mr. Dolce gives is to maintain hard copies of all insurance information and response plans, as a cyber incident may make it impossible to access digital records.