Incident Response Planning and Table-Top Drills

Having a well-tested plan can be an organization’s best defense when hit with a cyber-attack.  Whether in the form of a BreachCoach-Badge-2023 (002)traditional system hack, account takeover, business e-mail compromise or insider threat, attacks are best countered with an educated team that is trained in incident response and ready to take action.

The HSE Privacy and Data Security Team has deep experience in responding to incidents for organizations of all sizes in varying industries, including higher education, health care, manufacturing, retail, non-profits, financial services and real-estate, to name several.  We have handled and understand the complexity of incidents, and incident preparation, under numerous regulatory regimes, including HIPAA, the New York SHIELD Act and all 50 state data breach reporting statutes, New York’s Education Law 2d, FERPA, the Gramm-Leach-Bliley Act, and GDPR.  We bring this experience to the table when we help our clients plan and prepare for the inevitable information security incident. 


A proactive engagement to develop incident response preparedness may include:

  • Review and/or development of the organization’s Incident Response Plan, aligned with relevant frameworks
  • Review and assessment of the organization’s insurance coverage in relation to incident response
  • Policy and program review and development, to ensure alignment with applicable governing regimes
  • Incident response vendor review, assessment, and contracting
  • Incident response table-top drills

Given our experience in the space, we are often able to run a table-top drill for a client at a not-to-exceed rate, allowing for clear visibility into the organization’s potential investment in the project.

Practice Makes Perfect!

No Incident Response Plan can be effective unless it is tested, and regulatory regimes are increasingly focused on proper education of team members responsible for incident response, as well as testing of the plan generally.  Plan testing brings risk, however, as a response drill can often bring to light shortcomings in the organization’s Information Security Program that can be used against the organization, for example in a litigation or regulatory investigation.  Conducting the incident response drill under HSE’s supervision not only gives your organization the benefit of our team’s deep experience and real-world insight, it also supports the protection of the attorney-client privilege, which helps allow for full and frank discussion of all potential risks for an organization arising from an incident.  In this regard, “getting it all out on the table” can be a good thing for the organization, and can add to the effectiveness of an incident response table-top drill.