Beyond Compliance: cyber incident response plan and simulation training


Following recent high-profile cyber incidents impacting Optus (see our article No Optus – Australia’s largest data breach) and Medibank, Australian organisations should be taking steps to mitigate cyber risk and ensure they have an adequate and tested cyber incident response plan (IR Plan) in place.

With the Optus breach, the Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority have announced a coordinated investigation into Optus’ storage and management of its customers' data. One law firm has already filed a class action against Optus with the OAIC, with another assessing the issues.

As cyber attacks become more prevalent, a rapid, planned and holistic response is crucial. This ensures that incidents are identified, contained and investigated in a timely manner.

Cyber Incident Response Plan

A key part of being well prepared is understanding that cyber risk cannot be eliminated. While there are various steps that can materially reduce the risk, all businesses should be prepared for a cyber attack. When attacks occur, businesses should rely on a prepared and tested IR Plan to respond promptly and decisively to a cyber incident, limiting its impact and supporting recovery.

Simulation training

Many businesses are yet to prepare an IR Plan or only discover gaps when they are responding to an incident. When there is no plan or gaps are only identified during the crisis, businesses are less prepared to effectively manage the complex processes and coordination that takes place in combating an incident.

The most effective way to train organisations to handle cyber risk is to run through a simulated cyber incident and test an IR Plan. This will help identify vulnerabilities – which can then be patched and strengthened.

Be prepared: how we can help

Led by Eden Winokur, Partner & Head of Cyber, our expert cyber team are delivering half-day or full-day workshops tailored to help businesses implement and test their IR Plan.

Now is the time for businesses to invest in being prepared. This is a small price to pay when considering the devastating effects a cyber incident may have on your organisation and its customers or clients.

Workshops are bespoke and can include:

  • Assessment of your IR Plan
  • Detailed report identifying gaps and areas where further work can be undertaken
  • Scenario / simulation training

Watch our Head of Cyber Eden Winokur as he explains how we can help clients.

Listen to our cyber podcast

Cyber permeates every aspect of our lives. Find out how to be cyber aware with Head of Cyber Eden Winokur in our podcast – Cyberzone.

Key contacts

Eden Winokur
Partner & Head of Cyber

Eden is a leading cyber, privacy, disputes and insurance lawyer who heads the Hall & Wilcox cyber practice.

More about Eden

Alison has more than 20 years’ experience in a wide-ranging employment and privacy practice.

More about Alison
John Gray
Partner, Technology & Digital Economy Co-Lead and NSW Government Co-Lead

John is a corporate lawyer specialising in technology and IP law, particularly for IT, telecommunications and media clients.

More about John

Featured thinking