person working on a tablet

Securing Your Business: Human Resources and the need for a Cyber Breach Response Plan

Securing Your Business: Human Resources and the need for a Cyber Breach Response Plan

4 Minute Read

Understanding a company’s cyber security processes is a key component of the human resources team’s role in risk management. Find out more in this blog.

The role of human resources (HR) in a company has evolved from meeting basic employee needs to be responsible for recruiting, screening, interviewing and placing workers. The HR team may also handle employee relations, payroll, benefits, and training. Human resources managers plan, direct and coordinate the administrative functions of an organization. In today’s digital environment, understanding a company’s cyber security processes is a key component of the human resources team, starting with the cyber incident response plan.

Having an up-to-date, tested plan in place is critical to ensure a business survives a cyber breach with minimal financial, reputational and internal privacy harm. Guidelines and policies tailored to the organization will help mitigate the risk of an incident — from ransomware to breaches of personal data (both externally and internally) — damaging future growth.

Cyber Incident Response Plan

A company’s cyber security program should consider the different layers of an incident response plan. A comprehensive review of a plan looks at more than technical details, it also reviews business and organizational processes, holes in policies and other aspects that impact a business.

A cyber incident response plan should include:

  • A clear chain of roles and responsibilities
  • Steps to take on detecting an incident, how to identify and contain it
  • Disclosure obligations and a communications strategy to manage media and stakeholder concerns
  • Post-incident response review and renew

The person(s) responsible for the plan should understand cyber security, the severity of incidents and knowledge of best practices to respond effectively. Often a Chief Information Officer is appointed, but usually an organization’s cyber security or IT team lead will be responsible for responding to a breach.


As with any incident plan, roles and responsibilities should be clearly defined and communicated to all key stakeholders to ensure a timely response to control the impact of a breach. Escalation procedures — how to report and mitigate an incident once detected — can then be followed effectively, from a technical and communications perspective.

A clear crisis communications plan enables organizations to maintain their brand reputation by providing timely, accurate information to key stakeholders. It includes what audience the organization should be communicating with, from internal audiences such as the board of directors and employees to external stakeholders such as customers and regulatory authorities. The contact list should be updated on a regular basis and include key vendors, service providers, government agencies and legal contacts.

Post-Incident Response

A thorough plan includes a post-incident process that will evaluate and implement lessons learned after an incident happens. These include:

  • What worked and what didn’t work within the plan.
  • Identifying the technical issue that made the organization vulnerable
  • Reviewing business process that allowed the specific vulnerability to be available (including third-party vulnerability)
  • Training awareness and testing — for end users and people involved in incident response

Table-Top Exercise

A plan can look good on paper but fail on execution, endangering an organization’s brand and bottom line. By testing the incident response plan with a table-top exercise, an organization can uncover glitches ahead of time, saving data, money and clients’ goodwill.

A table-top exercise is a discussion-based rehearsal the entire response team — executives, management, the technology team and communications personnel — participates in, based on scenarios that apply directly to the organization. The facilitator presents the information and asks the team to respond and evaluates how they go from identifying there was an incident to what steps were taken to contain and remediate the incident, the organization’s response and how they put together a communication strategy.

The team will be led through two or three scenarios, then the facilitator identifies holes in their knowledge of the existing plan, what’s in the plan and what needs to be in the plan. The exercise also looks at possible ways the incident happened and what damage it could do to the organization.


Each organization is unique and understanding its business on a comprehensive level is essential to creating an effective response strategy. Understanding the organization’s cyber incident response plan as part of the HR team will help the organization make better-informed decisions and act within a context most effective for them.

For more information contact Danny Timmins, National Cyber Security Leader, MNP at [email protected] or 905.607.9777.


  • Performance

    April 16, 2024

    Software in British Columbia: Taxation in perpetual motion

    What software is taxable in British Columbia for PST purposes? Discover the changes introduced in the province’s 2024 budget.

  • Performance

    April 16, 2024

    2024 Federal Budget Highlights

    View MNP’s full tax analysis of the 2024 federal budget.

  • Progress

    Your farm succession plan isn’t complete until it exists in writing

    The average age of farmers in Canada is increasing. Having a written succession plan becomes more important as you age, to help secure your legacy, protect your farm operation, and reduce conflict.