Part Three: Communicate the Plan

Successfully defending your organization from cybersecurity events can only happen if everyone understands their role in the response plan. Some of the key groups who should understand the incident response plan include incident response team members, organization leaders, external partners, and employees. This article explores how to communicate the game plan to everyone in your organization.

Woman's hand holding a pastel telephone on a blue background. Telecommunication.

Communicate the Incident Response Plan to These Groups:

Incident Response Team
Part 1 of this series discusses how to create an all-star incident response team whose members are assigned specific roles and responsibilities in the event of a cyber incident. It is essential to communicate with each member of the response team to ensure they understand the entire plan and their assigned role within it. This should be communicated on a regular basis to ensure the plan can be successfully activated at any time. Expect changes and updates to the plan over time: team members may come and go, role responsibilities may change, and new cyber threats may need to be evaluated. As such, regular team communication is essential.

Communicate the plans and procedures outlined in the response plan with your organization's leadership team. Make sure they understand their role during a response. This avoids breakdowns in communication and misunderstandings and gives leadership confidence the response plan will be executed successfully and that they will be kept “in the loop” throughout the response to an event.

External Partners
Part 1 of this series describes external partners as an essential part of the all-start incident response team. External partners include legal counsel, public relations, computer forensics, insurance carriers, and others. These partners may have additional information and resources crucial to the success of the response plan. An open line of communication with these partners and periodic contact throughout the year can ensure readily available and accurate contacts for when it’s necessary to pull these partners into action.

An incident response plan can only be triggered if cyber incidents are detected and reported. An organization’s employees are often the targets of direct message cyberattacks and are therefore often the first to encounter unusual cyber activity. It’s essential for the incident response team to communicate to employees how to identify cybersecurity events and how, to whom, and in what time frame they should report these suspected events. These procedures can be communicated to employees via policies and periodic training on how to detect cyber incidents and instructions on how to respond.


Part 4, the final installment of the Incident Response Plan Series, covers how to practice to make sure your organization is ready for a cybersecurity attack. It also explores what your organization can learn to continue to improve your response.