Importance of incident response plan and documentation in cybersecurity incidents
- Cybersecurity needs a seat at the table in procuring cyber risk insurance
- Using incident response plan and documentation is critically important in incident situations
- Incident documentation helps in telling the story of what the company did and why it did it
- Incident documentation helps protect chain of custody and preserve privilege in a two-track investigation
- Legal pitfalls to avoid in cybersecurity incidents
When a company does not build documentation on what they did, why they did it, and the timeline in particular, it makes it really hard to answer questions from insurance carriers to get reimbursed. It really makes it hard to answer questions from plaintiffs and the like. Therefore, it is important to have incident documentation to do those things.