Cyber Incident Response Plan
29 July 2025
Your First Line of Defence Against a Data Breach
No matter the size or type of organisation, having a Data Breach Incident Response Plan is essential. Cyber threats such as ransomware, phishing, and data breaches can strike at any time. A well-prepared response plan helps minimise damage and recovery time.
What Is a Data Breach Incident Response Plan?
The plan outlines the steps to take when a cyber incident is detected. It should address common threats such as:
- Data breaches
- Ransomware
- Phishing and social engineering
- Malware infections
- Equipment loss or theft
The size and detail of your plan should match the complexity of your organisation.
Where to Start
A good starting point is cyber.gov.au, which offers a free Cyber Incident Response Plan template. This template is based on the NIST framework and identifies common threat types, including:
- External media attacks (e.g. infected USB drives)
- Web-based attacks (e.g. browser vulnerabilities, cross-site scripting)
- Email threats (e.g. malicious links or attachments)
- Impersonation attacks (e.g. spoofing, man-in-the-middle attacks)
- Supply chain compromise
- Improper usage (e.g. policy violations by staff)
- Loss or theft of devices (e.g. laptops or phones)
Working with an IT professional is recommended to tailor the plan to your environment and ensure best practices are followed.
Common Cyber Incidents
Your response plan should clearly define actions for handling incidents such as:
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Phishing attempts targeting credentials or sensitive data
- Ransomware infections that lock or encrypt data
- Malware (viruses, Trojans, worms)
- Data breaches involving unauthorised access
- Industrial Control System (ICS) compromise
Who Responds?
Every plan must nominate an incident leader to manage the response. In smaller organisations, this may be an internal staff member or Crash Technology, your IT provider. The response team might include:
- IT or cybersecurity support
- Legal advisors (for compliance and reporting)
- Communications or PR personnel (for notifying staff, clients, or media)
- Cyber insurance support (if applicable)
Response Process (Based on the SANS Institute Framework)
- Preparation – develop the plan, train staff, and run practice scenarios
- Identification – detect and verify the incident
- Containment – prevent further spread or damage
- Eradication – remove the threat from all systems
- Recovery – restore normal operations and systems
- Lessons learned – review the incident and improve the plan
All actions taken during the response should be documented. Using checklists helps ensure nothing is missed under pressure.
Final Thoughts
Cyber incidents are no longer a matter of if, but when. A well-structured and up-to-date response plan can make the difference between a quick recovery and a costly disruption.
Contact the team at Crash Technology to have a customised Data Breach Incident Response Plan prepared for your organisation.