Cyber Incident Response Plan

The Australian Cyber Security Centre (ACSC) defines a cyber incident as an unwanted or unexpected cyber security event, or a series of such events, that have a significant probability of compromising business operations.

Australian organisations are frequently targeted by malicious cyber adversaries. The ACSC’s assessment is that malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. As adversaries become more adept, the likelihood and severity of cyber attacks is also increasing due to the inter-connectivity and availability of information technology platforms, devices and systems exposed to the internet.

To illustrate the volume of cyber incidents occurring in Australia, the ACSC responded to over 1500 cyber security incidents between 1 July 2020 and 30 June 2021. While many of the incidents reported to the ACSC could have been avoided or mitigated by good cyber security practices, such as implementation of ASD’s Essential Eight security controls, risks will still remain when organisations operate online.

All organisations should have a cyber incident response plan to ensure an effective response and prompt recovery in the event security controls don’t prevent an incident occurring. This plan should be tested and regularly reviewed.

To be effective, a cyber incident response plan should align with the organisation’s incident, emergency, crisis and business continuity arrangements, as well as jurisdictional and national cyber and emergency arrangements. It should support personnel to fulfill their roles by outlining their responsibilities and all legal and regulatory obligations.

For more information download the Cyber Incident Response Plan - Guidance & Template and the Cyber Incident Response Readiness Checklist.

‍

‍

Selected by Virginie GASTINE MENOU