Cybersecurity Series: Incident Management

The majority of organisations are now working on the assumption that some kind of cybersecurity incident is inevitable at some point…

So the worst happens, and you have had one of those fabled cyber security breaches that you thought only happened to other people, and perhaps:

  • you can’t access any files because they have all been encrypted by an attacker;
  • you will have to inform your customers that you forgot to check your website for vulnerabilities and an attacker now has their credit card details;
  • or, you know something has happened, but you are not entirely sure what, how to find out and whether or not it’s still happening.

It isn’t possible to implement perfect security, so the important question is: what do you plan to do when you are faced with one of the situations above? If what you are currently imagining looks a bit like a scene from Fawlty Towers, or you do not understand what data protection requires you to do, then we’ve prepared an overview of a set of processes intended to help organisations plan how to react to a cyber security incident.

Information provided in this download is loosely based on guidelines from the international standard for information security incident management (ISO 27035) and GDPR requirements.


Clayden Law has teamed up with technical expert Emma Osborn, and over the next few months we will provide some back-to-basics analysis of the technical, legal and data protection issues surrounding cybersecurity, aimed at organisations’ non-technical decision-makers. Together, we’ll be highlighting key cybersecurity and data privacy fundamentals and looking at the interplay between law and practice in this area.