S416, 147 Pirie Street, Adelaide SA 5000 1800 818 875 [email protected]

JAM FeatureImage IncidentResponePlan Blog 1

What is an Incident Response Plan?


The primary purpose of an Incident Response Plan is to provide all employees, including the Management Team, with a clear action plan to address any cyber security incidents or data breaches.

Having an Incident Response Plan in place is critical for businesses to minimise the damage caused by cyber security incidents and other disruptions. Further, it enables business owners to maintain business continuity in the face of unexpected events.

What should be included in an Incident Response Plan?

An Incident Response Plan should outline any actions that need to be taken to identify, contain, eradicate, and recover from a cyber incident. At Jam Cyber, our Incident Response Model includes seven elements:

IRP Blog Image01

1. Prepare

Preparation is one of your best defences against cyber attacks. That’s why your business should have a Cyber Security Management System in place. This includes tools and systems as well as policies and procedures and employee training. Additionally, businesses should also prepare communication templates in case you need to contact stakeholders about Notifiable Data Breaches.

2. Identify

This step clarifies to employees/managers what to do if they suspect a data breach or a cyber attack. Further, it should also cover what they should do if they have accidentally caused a breach.  

3. Investigate & Contain

As employees are often the ones who are targeted in cyber attacks, it’s vital they know how to identify an attack and support the containment process. This is where employee cyber awareness training can be vital for businesses.  All staff should know what to do and how to manage this stage.

4. Eradicate

Removing the threat should be the responsibility of the cyber security management team. This may be an internal or external provider.

5. Communicate

Pending the extent of the breach, you may be required (legally and/or ethically) to communicate to three key audiences:

  1. Internal stakeholders (employees and contractors)
  2. External stakeholders (clients, suppliers, external contacts)
  3. The Office of the Australian Information Commissioner.

This is where having communication templates ready to go can streamline this process.

6. Recover

Once the breach has been resolved, you may need to recover data from your backup. This is where your internal or external IT team can support the process.

7. Learn and improve

One of the most important steps in in the Incident Response Model is learning and improving. In this step, organisations should have a process to clearly identify what happened, how the company will mitigate the risk in future and how it will communicate the new changes to employees.

Does my business need an Incident Response Plan?

The latest IBM Cost of a Data Breach report highlights the crucial role of having a well-tested Incident Response Plan. Companies without a tested plan in place will face 82% higher costs in the event of a cyber attack, in comparison to those that have implemented and tested such a plan.

IRP image

As a small business owner, it’s easy to think that your organisation is too small to be the target of a cyber security attack or other disruptive event. However, this is far from the truth. In fact, small businesses are often more vulnerable to such incidents and are increasingly being targeted by cyber criminals.

This is why all businesses should have a clear Incident Response Plan in place. For most businesses with employees, it is also advisable to have a sound cyber security management system to mitigate the threat of attacks.

Can I download an Incident Response Plan template or example?

Jam Cyber has a free Incident Response Plan for businesses to use, or study to create their own plan.

Who is responsible for the Incident Response Plan?

As the primary decision-makers and leaders of their organisations, it’s essential for business owners to recognise the importance of Incident Response Planning and take responsibility for it. Thus, the overall ownership of the Incident Response Plan should sit with the business owner.

This is because the plan aligns with other core roles of an owner including:

  1. Protecting the business: A well-crafted and tested Incident Response Plan can help mitigate the damage caused by a cyber attack or data breach. By taking charge of the plan, business owners can ensure that their organisations are better equipped to handle such events and avoid prolonged downtime or financial losses.
  2. Ensuring compliance: In Australia, some businesses have legal obligations under the Notifiable Data Breach Act. Business owners need to ensure that their organisation complies with these regulations, and a well-designed Incident Response Plan can help meet these requirements.
  3. Encouraging a security-first culture: When business owners prioritise Incident Response Planning, it sends a message to employees and stakeholders that cyber security is a critical part of the organisation’s operations. This, in turn, can foster a security-first culture within the company, where everyone is invested in protecting sensitive information and preventing cyber incidents.

In short, Incident Response Planning is too important to be left to chance. Business owners must take responsibility for creating and maintaining a plan that protects their organisations, ensures compliance, and fosters a security-first culture.

// Get In Touch

Let's Work to Protect Your Business!

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    // Testimonials

    Hear from our Happy Clients

    After more than 30 years in the industry, we know our stuff when it comes to ICT solutions and cyber security. But don’t take our word for it.

    Hear what our clients have to say.

    Jam Cyber Testimonial Workplace Lawyers
    Play Video


    Another client success story by Jam Cyber: The Workplace Lawyers Sydney. Hear Co-Founder Hannah Ellis talk about her experience since 2015.

    Jam Cyber Testimonial DG Air
    Play Video


    Brad talks about how little disruption was incurred when their interstate offices were moved to the cloud and appropriately secured using the Jam Cyber security framework.

    Jam Cyber Testimonial Duraflex
    Play Video


    Phil explains how Jam Cyber has been the trusted Cyber and IT partner since 2006 by adjusting solutions to scaling business.

    Have questions? Search our knowledgebase.