Only 24% of organisations consistently apply incident response plans

We’ve written a lot about cyber security incident response plans (CSIRPs) recently, and for good reason: not enough organisations have implemented one. According to Ponemon Institute’s Third Annual Study on the Cyber Resilient Organization, only 24% of respondents said they had a CSIRP applied consistently across their organisation.

Even those that do have a plan in place are often guilty of neglecting it. CSIRPs should be reviewed regularly, because organisations constantly face new challenges and their structures and technologies change often. However, 34% of the report’s respondents said they review their plan only once a year, and 39% said they have no set intervals for review.

Why CSIRPs are important

Cyber security threats are now so common that even the most prepared organisations are acknowledging that it’s impossible to prevent every incident. It’s therefore important to have a plan for when disaster strikes.

A CSIRP makes it easier for organisations to identify the necessary steps to take in the event of an incident, and ensures that they acknowledge and mitigate weaknesses in their policies, technical controls and the way employees communicate with each other, customers and regulators.

Planning also enables organisations to learn from their mistakes. After the framework has been initiated and the organisation has responded to the incident, senior staff should assess the effectiveness of their response and identify why the incident occurred. This allows them to mitigate the risk of future disruptions and ensures that, should a similar incident happen again, the organisation has the best possible plan in place.

CSIRPs fall under the wider umbrella of cyber resilience, a framework that combines traditional security measures, such as firewalls and antivirus software, with measures that mitigate the damage of a breach.

Cyber resilience is expected to become much more popular in the coming months, as its methodology helps organisations comply with the Network and Information Systems Regulations (NISR), the new law designed to protect crucial infrastructure.


The NISR state that operators of essential services (OES) and digital service providers (DSPs) must:

  • Implement appropriate technical and organisational measures to secure their network and information systems;
  • Account for the latest developments and consider the security risks in their systems;
  • Take appropriate measures to ensure service continuity in the event of security incidents; and
  • Promptly notify the relevant supervisory authority of any significant security incident.

Adopting a cyber resilient approach can help organisations meet each of these requirements and avoid disciplinary action from regulators.

Free compliance guide

You can learn more about the NISR and how cyber resilience and CSIRPs can help by reading our NISR compliance guide. This free green paper covers:

  • The NISR requirements and the UK government’s implementation approach;
  • The proposed assurance regime;
  • Which organisations are in scope;
  • The proposed security requirements for compliance; and
  • How you can implement a compliance programme to meet the NIS Regulations’ requirements.

You might also be interested in our NISR infographic, which breaks down the key information into bite-sized chunks and is an ideal reference tool.