CYBER INCIDENT RESPONSE AND RECOVERY FOR AUSTRALIAN DIRECTORS
KEY QUESTIONS
- Are roles and responsibilities comprehensively documented, including the role of the Chair and specific directors in the event of a significant incident?
- Are the processes for key decisionmaking and external support detailed in the response plan?
- Do we have a comprehensive approach and plan to communicating with internal and external stakeholders, including responsibilities for notifying and engaging with regulators and approving market disclosures?
- Do we understand how insurance would operate in the event of an incident and the support the insurer can/cannot provide?
- Do we regularly scenario test or conduct a simulation on our response plan? How often do we review the response plan and update it to ensure it reflects organisational changes and the current threat environment?
