Select regional store:

Cyber Incident Response (CIR) Management

Becoming a victim of a cyber attack is an imminent reality for all companies

With punitive measures introduced by the EU's GDPR (General Data Protection Regulation), the California Consumer Privacy Act (CCPA), and the NIS Directive (EU Directive on security of network and information systems), how an organization responds to a cyber incident can often spell the difference between failure and success.

The speed at which you identify and mitigate such incidents makes a significant difference in controlling your risks, cost and exposure. Effective CIR management can reduce the risk of future incidents occurring, help you detect incidents at an earlier stage and develop a robust defence against attacks to potentially save your organisation millions.

Speak to a cyber security expert

If you would like more information or advice on managing your cyber risks, speak to one of our experts and discover how we can support your organization.

Contact us

Why do you need incident response planning?

Cyber attacks and data breaches are inevitable, so the speed at which you react to a breach is critical. Cyber criminals only need to find one weakness to infiltrate your systems, so it is essential to be prepared when a breach occurs.

The current incident response climate in organizations demonstrates why CIR is not something you can afford to ignore:


days, the average number of time that a threat has undetected access in a network. (FireEye M-Trends 2018)


of organizations don't have a cyber incident response plan in place and are unprepared to respond to a cyber attack. (PwC Global Economic Crime and Fraud Survey 2018)​​


for organizations to report data breaches/incidents under the EU's GDPR. The breach must be reported within 72 hours, or face heavy fines


the average cost for an organisation that has suffered a data breach. (Ponemon Institute’s 2018 Cost of a Data Breach Study: Global Overview)​

Incident reporting requirements under the GDPR and NIS Directive

Under Article 32 of the EU's GDPR, organiations are obligated to restore availability of and access to personal data in the event of a physical or technical breach. 

Organiszations in critical infrastructure also face these obligations under the NIS Directive (EU Directive on security of network and information systems), whereby OES (operators of essential services) and DSPs (digital service providers) are required to adopt incident response measures to ensure recovery following a disruptive incident.


1. Reconnaissance

  • Identify target
  • Look for vulnerabilities


  • Monitoring and logging
  • Situational awareness
  • Collaboration

2. Attack target

  • Exploit vulnerabilities
  • Defeat remaining controls
  • Architectural system design
  • Standard controls (e.g. ISO 27001)
  • Penetration testing

3. Achieve objectives

  • Disruption of systems
  • Extraction of data
  • Manipulation of information
  • Cybersecurity incident response planning
  • Business continuity and disaster recovery plans
  • Cybersecurity insurance

Frameworks that outline and require incident response measures

Incident response planning is mandated as part of all major cybersecurity regimes either directly or indirectly. The following standards require incident response measures: 

Incident Response Management Training

Find out how to effectively manage and respond to a disruptive incident, such as a data breach or cyber attack, and take appropriate steps to limit the damage to your business, reputation, and brand.

This course will provide an introduction to developing a cyber incident response program to protect your business.

Book now

Cyber Incident Response Management – A beginner’s guide

Free PDF download: Cyber Incident Response Management – A beginner’s guide

Download this paper to:

  • Understand exactly what constitutes a cyber incident
  • Learn about the potential consequences of suffering an incident
  • Find out what to include in your incident response plans
  • Discover a step-by-step incident response process

Download now

Why choose IT Governance? 

  • We draw from proven incident response standards such as ISO 27035 to help you define, implement, and effectively apply an incident response management programme in your organisation. 
  • We will put in place a process that allows you to determine, and report on, the specifics of a cyber incident. 
  • Our management service is tailored to your needs, business requirements and budget, making it a cost- effective solution. 
  • We have more than 15 years’ experience in helping organizations achieve local and international compliance with management system standards such as ISO 27001.
  • We have multi-disciplinary teams with project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop suitable strategies.
This website uses cookies. View our cookie policy