Out-Law / Your Daily Need-To-Know

Out-Law Analysis 2 min. read

The importance of a cyber incident response plan

In today's digital landscape, cyber incidents and data breaches are an unfortunate reality for businesses of all sizes. Having a robust cyber response plan in place will help to mitigate this risk.

The term ‘cyber incident’ refers to an event where unauthorised access to a computer system or network has occurred. Examples include hacking, phishing and malware attacks.  A ‘data breach’ is the unauthorised disclosure or leakage of data, which is a more specific and tangible consequence of cyber incidents. Data breaches can occur due to cyberattacks or human error.

Posing a threat to both the private and public sectors, cyber incidents can have far-reaching consequences and carry an immense cost. In order to counteract the possibility of such attacks, data management and cybersecurity needs to be taken seriously by organisations.

The cost of being unprepared

In addition to the immediate financial implications of being unprepared for a cyber incident - including legal fees, regulatory fines, and potential lawsuits – organisations that fail to take the threat seriously can also face long-term damage to their reputation and customer trust.  Internally, data breaches require a lot of time and effort to coordinate and remedy. Externally, they erode the confidence that customers, partners, and the public have in the organisation where the breach has taken place. Worse still, such incidents can also impact individuals’ health and safety.

Jennifer Wu

Jennifer Wu


Investing in proactive measures and having a robust cyber incident response plan is not just a matter of security, but a critical business strategy that can substantially minimise and contain the impact of a breach

There has been a recent surge in cyberattacks and data breach incidents in the Hong Kong Special Administrative Region (SAR). In January, the University of Hong Kong was reported to have experienced a data breach where the personal data of as many as 7,400 students, academic visitors and programme applicants may have been leaked. Hong Kong business park Cyberport also experienced a data leak recently when an international hacking group infiltrated their system and stole up to 400GB of confidential documents. The hackers demanded a ransom, which Cyberport refused to pay and, as a result, the data was eventually leaked on the dark web. According to various reports, the leaked information included Cyberport’s financial reports, loan status, and employee data. This incident generated widespread discussion and debate, and reminded the public how vulnerable we are as we learn to adapt to the digital space.

Rebuilding trust and recovering from reputational damage takes time and resources. That’s why investing in proactive measures and having a robust cyber incident response plan is not just a matter of security, but a critical business strategy that can substantially minimise and contain the impact of a breach.

Developing a cyber incident response plan

A comprehensive cyber incident response plan helps ensure breaches are effectively managed, determining, in advance, a strategy for identifying, containing, assessing and managing the impact brought about by the incident from start to finish.

A cyber incident response plan is a document that outlines how the organisation will respond in the event of a cyber incident. It is important to proactively develop and maintain this plan to be prepared for potential incidents.

Best practices to consider include:

  • Establish a dedicated breach response team with specific roles and responsibilities to handle the breach. This team should include representatives from various departments, such as IT, legal, communications, and management.


  • Establish a clear escalation protocol for escalating the incident internally and externally. This ensures that the appropriate stakeholders are notified promptly and can take appropriate actions.


  • Regularly conduct simulations and training to test the effectiveness of the response plan and familiarise the team with their roles and responsibilities. These exercises will help identify any gaps or areas for improvement in the plan.


  • Consider whether to take out cyber liability insurance with insurers that specialise in managing cyber risks.Cyber liability insurance can help reduce the financial risk by transferring some of the risk to the insurer.

To discharge their cybersecurity obligations, companies will need to take into account the laws and regulations specific to their jurisdictions. In addition to laws and regulations, guidance notes and best practices published by reputable industry associations and standard organisations can serve as valuable benchmarks for companies, providing practical recommendations and industry-specific insights on how to enhance cybersecurity practices.

Co-written by Sara Chan of Pinsent Masons

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.