Preparing for a Cyber Incident

Framework for preparing for a cyber incident: Identify, Protect, Detect, Respond, Recover.

Best Practices for Cyber Incident Response and Reporting

Cyber incidents and data breaches continue to occur across the globe, targeting organizations across all industries and sectors. The worldwide monetary loss to cybercrime is measured in the hundreds of billions. The rise of e-commerce and complex supply chains, combined with the increasingly sophisticated tools used by cybercriminals, creates a challenge for cybersecurity.

A comprehensive and integrated approach to cybersecurity with organized cyber incident response policies is the best defense. An organization cannot anticipate every disruption or prevent every cyber incident. Organizations must anticipate an evolving risk environment and be prepared to respond at a moment's notice when a disruption occurs. 



  • Establish liaison and partnerships
  • Study the legal framework
  • Understand legal responsibilities 
  • Maintain cyber awareness


  • Determine vulnerabilities
  • Prioritize and institute cybersecurity measures
  • Monitor the network
  • Develop policies and conduct training
  • Develop a communication strategy
  • Consider retaining legal services 
  • Consider retaining Incident Response (IR) services
  • Prepare for evidence preservation
  • Create an IR Plan



  • Assess the incident
  • Implement protective measures
  • Document the response
  • Preserve evidence
  • Contact law enforcement
  • Contact regulators



  • Continue monitoring
  • Notify other organizations
  • Conduct a post-incident review
  • Adjust the Incident Response (IR) Plan

Information provided by the United States Secret Service Cybercrime Investigations. This guide does not constitute legal advice and is only for reference purposes.