
Incident Response Plan_Jam Cyber

What is an Incident Response Plan?


The primary purpose of an Incident Response Plan is to provide all employees, including the Management Team, with a clear action plan to address any cyber security incidents or data breaches.

Having an Incident Response Plan in place is critical for businesses to minimise the damage caused by cyber security incidents and other disruptions. Further, it enables business owners to maintain business continuity in the face of unexpected events.

What should be included in an Incident Response Plan?

An Incident Response Plan should outline any actions that need to be taken to identify, contain, eradicate, and recover from a cyber incident. At Jam Cyber, our Incident Response Model includes seven elements:

1. Prepare

Preparation is one of your best defences against cyber attacks. That’s why your business should have a Cyber Security Management System in place. This includes tools and systems, policies and procedures, and employee training. You should also prepare communication templates in case you need to contact stakeholders about Notifiable Data Breaches.

2. Identify

This step clarifies to employees/managers what to do if they suspect a data breach or a cyber attack. Further, it should also cover what they should do if they have accidentally caused a breach.  

3. Investigate & Contain

As employees are often the ones who are targeted in cyber attacks, it’s vital they know how to identify an attack and support the containment process. This is where employee cyber awareness training can be vital for businesses. All staff should know what to do and how to manage this stage.

4. Eradicate

Removing the threat should be the responsibility of the cyber security management team. This may be an internal or external provider.

5. Communicate

Depending on the extent of the breach, you may be required (legally and/or ethically) to communicate to three key audiences:

  1. Internal stakeholders (employees and contractors)
  2. External stakeholders (clients, suppliers, external contacts)
  3. The Office of the Australian Information Commissioner.

This is where having communication templates ready to go can streamline this process.

6. Recover

Once the breach has been resolved, you may need to recover data from your backup. This is where your internal or external IT team can support the process.

7. Learn and improve

One of the most important steps in the Incident Response Model is learning and improving. In this step, organisations should have a process to clearly identify what happened, how the company will mitigate the risk in future, and how it will communicate the new changes to employees.

Does my business need an Incident Response Plan?

The latest IBM Cost of a Data Breach report highlights the crucial role of having a well-tested Incident Response Plan. Companies without a tested plan in place will face 82% higher costs in the event of a cyber attack, in comparison to those that have implemented and tested such a plan.

As a small business owner, it’s easy to think that your organisation is too small to be the target of a cyber security attack or other disruptive event. However, this is far from the truth. In fact, small businesses are often more vulnerable to such incidents and are increasingly being targeted by cyber criminals.

This is why all businesses should have a clear Incident Response Plan in place. For most businesses with employees, it is also advisable to have a sound cyber security management system to mitigate the threat of attacks.

Can I download an Incident Response Plan template or example?

Jam Cyber has a free Incident Response Plan for businesses to use, or study to create their own plan.

Who is responsible for the Incident Response Plan?

As the primary decision-makers and leaders of their organisations, it’s essential for business owners to recognise the importance of Incident Response Planning and take responsibility for it. Thus, the overall ownership of the Incident Response Plan should sit with the business owner.

This is because the plan aligns with other core roles of an owner including:

  1. Protecting the business: A well-crafted and tested Incident Response Plan can help mitigate the damage caused by a cyber attack or data breach. By taking charge of the plan, business owners can ensure that their organisations are better equipped to handle such events and avoid prolonged downtime or financial losses.

  2. Ensuring compliance: In Australia, some businesses have legal obligations under the Notifiable Data Breach Act. Business owners need to ensure that their organisation complies with these regulations, and a well-designed Incident Response Plan can help meet these requirements.

  3. Encouraging a security-first culture: When business owners prioritise Incident Response Planning, it sends a message to employees and stakeholders that cyber security is a critical part of the organisation’s operations. This, in turn, can foster a security-first culture within the company, where everyone is invested in protecting sensitive information and preventing cyber incidents.

In short, Incident Response Planning is too important to be left to chance. Business owners must take responsibility for creating and maintaining a plan that protects their organisations, ensures compliance, and fosters a security-first culture.

Additional Ways to Strengthen Your Cyber Security

In addition to preparing an Incident Response Plan, it’s important for any business owner to consider the broader picture of cyber security. Proactive steps are just as crucial as having a solid response plan. Here are some straightforward strategies that can help strengthen your overall cyber security.


1. Training Your Team in Cyber Security Awareness

One of the simplest yet most effective ways to boost your cyber security is through regular training for your team. This training should cover the basics of spotting potential cyber threats like phishing emails, safe online practices, password management, and the importance of keeping software up to date. By making sure your team is informed, you’re adding a crucial layer of defence against cyber threats.

2. Using the Right Cyber Security Tools

For any business, having the right technical cyber security system and tools in place is a must. This ranges from basics like browser blocking and next-generation antivirus software to implementing Essential Eight strategies such as whitelisting and application hardening. Equally important is keeping these tools up to date to protect against the latest cyber threats. Think of this as an ongoing investment in your business’s digital health.

3. Establishing Clear Cyber Security Policies

Having clear cyber security policies is not just about compliance; it’s about creating a safe and secure work environment. These policies should outline clearly to employees how they should conduct themselves online to ensure everyone in the business is being cyber safe. Alongside policies, procedures are also important to help employees abide by best cyber security practices. These range from password management to onboarding and offboarding employees.

Implementing these steps alongside your Incident Response Plan will give your business a more comprehensive shield against cyber risks. It’s about making cyber security a regular part of your business operations, which in turn can help reduce the likelihood and impact of cyber incidents.
