What is a Cyber Incident Response Plan and why is it useful?

The fight to protect your company’s data is not for the faint of heart. As a combative IT warrior, with more systems, apps, and users to support than ever before, keeping everything “in the air” is already a struggle. When it comes to avoiding the worst-case scenario, you need all the help you can get despite your superhero status.

What is a Cyber Incident Response Plan?

If a five-year-old asked us to explain what a Cyber Incident Response Plan is, we might say something like this: “It’s kind of like a fire drill, but for the IT people.”

When the worst-case scenario becomes a reality, it is essential to have the right plan in place, to have the right people in the right place (who know what to do), the right tools and the right preparation.

A Cyber Incident Response Plan can be divided into 6 phases:

  1. Preparation
  2. Identification
  3. containment (containment)
  4. Eradication
  5. Recovery (recovery)
  6. Lessons learned


Prepare users and IT to deal with potential

incidents in case they occur.


Describe what we mean by a ‘cyber security incident’ (which events can we ignore vs. what should we do something about now?)

Containment (Containment)

Isolate affected/affected systems to prevent further damage (impact control). This is a step where you prefer to use automation.


Find and eliminate the root cause (remove the affected/affected systems from production).

Recovery (recovery)

Allow affected/affected systems back into production (and monitor them closely).

Lessons learned

Write down, analyze and review everything with all team members in order to improve the response to future incidents.

Why is a Cyber Incident Response Plan useful?

A cyber security incident entails a lot of stress. Unfortunately, today it is no longer a question of ‘if it will happen’, but of ‘when it will happen’.

Having a Cyber Incident Response Plan ensures that you as an organization can remain calmer, that you can act in a more targeted manner and therefore arrive at a solution faster. After all, it is widely known that the faster a cyber security incident is contained, the smaller its total impact.

But the problem with plans is that they are often designed to sit on the shelf until the day when the proverbial oxygen masks fall from the ceiling. Other than that, they’re just collecting dust (except for the occasional auditor visits).

It is therefore important not to choose a passive, but an active approach when drawing up, using and maintaining your Cyber Incident Response Plan.

Let us help you develop your Cyber Incident Response Plan.

With Spinae we are specialized in cyber security. We are well aware that it is impossible for most companies to draw up a solid Cyber Incident Response Plan tailored to their organization. Spinae wants to help you with this.

Contact us for further information or an introductory meeting.