person working on a tablet

Securing Your Business: Human Resources and the need for a Cyber Breach Response Plan

Securing Your Business: Human Resources and the need for a Cyber Breach Response Plan

4 Minute Read

Understanding a company’s cyber security processes is a key component of the human resources team’s role in risk management. Find out more in this blog.

The role of human resources (HR) in a company has evolved from meeting basic employee needs to be responsible for recruiting, screening, interviewing and placing workers. The HR team may also handle employee relations, payroll, benefits, and training. Human resources managers plan, direct and coordinate the administrative functions of an organization. In today’s digital environment, understanding a company’s cyber security processes is a key component of the human resources team, starting with the cyber incident response plan.

Having an up-to-date, tested plan in place is critical to ensure a business survives a cyber breach with minimal financial, reputational and internal privacy harm. Guidelines and policies tailored to the organization will help mitigate the risk of an incident — from ransomware to breaches of personal data (both externally and internally) — damaging future growth.

Cyber Incident Response Plan

A company’s cyber security program should consider the different layers of an incident response plan. A comprehensive review of a plan looks at more than technical details, it also reviews business and organizational processes, holes in policies and other aspects that impact a business.

A cyber incident response plan should include:

  • A clear chain of roles and responsibilities
  • Steps to take on detecting an incident, how to identify and contain it
  • Disclosure obligations and a communications strategy to manage media and stakeholder concerns
  • Post-incident response review and renew

The person(s) responsible for the plan should understand cyber security, the severity of incidents and knowledge of best practices to respond effectively. Often a Chief Information Officer is appointed, but usually an organization’s cyber security or IT team lead will be responsible for responding to a breach.


As with any incident plan, roles and responsibilities should be clearly defined and communicated to all key stakeholders to ensure a timely response to control the impact of a breach. Escalation procedures — how to report and mitigate an incident once detected — can then be followed effectively, from a technical and communications perspective.

A clear crisis communications plan enables organizations to maintain their brand reputation by providing timely, accurate information to key stakeholders. It includes what audience the organization should be communicating with, from internal audiences such as the board of directors and employees to external stakeholders such as customers and regulatory authorities. The contact list should be updated on a regular basis and include key vendors, service providers, government agencies and legal contacts.

Post-Incident Response

A thorough plan includes a post-incident process that will evaluate and implement lessons learned after an incident happens. These include:

  • What worked and what didn’t work within the plan.
  • Identifying the technical issue that made the organization vulnerable
  • Reviewing business process that allowed the specific vulnerability to be available (including third-party vulnerability)
  • Training awareness and testing — for end users and people involved in incident response

Table-Top Exercise

A plan can look good on paper but fail on execution, endangering an organization’s brand and bottom line. By testing the incident response plan with a table-top exercise, an organization can uncover glitches ahead of time, saving data, money and clients’ goodwill.

A table-top exercise is a discussion-based rehearsal the entire response team — executives, management, the technology team and communications personnel — participates in, based on scenarios that apply directly to the organization. The facilitator presents the information and asks the team to respond and evaluates how they go from identifying there was an incident to what steps were taken to contain and remediate the incident, the organization’s response and how they put together a communication strategy.

The team will be led through two or three scenarios, then the facilitator identifies holes in their knowledge of the existing plan, what’s in the plan and what needs to be in the plan. The exercise also looks at possible ways the incident happened and what damage it could do to the organization.


Each organization is unique and understanding its business on a comprehensive level is essential to creating an effective response strategy. Understanding the organization’s cyber incident response plan as part of the HR team will help the organization make better-informed decisions and act within a context most effective for them.

For more information contact Danny Timmins, National Cyber Security Leader, MNP at [email protected] or 905.607.9777.


  • May 16, 2024

    The critical role of the audit committee for internal audit oversight

    Unlock the full potential of internal audit and your audit committee. We explore the critical roles, responsibilities, and challenges to be aware of.

  • Confidence

    May 15, 2024

    What is the impact of financial crime and how can you reduce risks to your business?

    During Victims and Survivors of Crime Week 2024, discover the impacts of financial crime and the steps you can take to protect your business from threats.

  • Progress

    How SMARTPro Helps Enhance Practice Value

    Learn how to get your practice into a ready state for a sale with SMARTPro.