I am interested in
The “Search” function is not available at the moment, please try again later.
Please get in contact with us. To contact form

IT emergency response management for your SME.

Key points at a glance
Cybercriminals are quick to exploit opportunities such as security gaps in an IT system or members of staff clicking on an infected e-mail attachment. IT security managers are invariably at a disadvantage, because they have to safeguard and defend all potential points of entry. While technical and organizational measures in the areas of IT and OT can make a successful cyber attack significantly less likely, no company can achieve 100% protection against cyber attacks.

What's an IT emergency response plan?

An IT emergency response plan, also known as a cyber incident response plan or CIRP for short, allows you to prepare for a serious incident.

The objective of an IT emergency response plan is to mitigate downtime and the financial impact of a cyber incident. It helps to communicate quickly and professionally in the event of such an incident, so as to counteract possible reputational damage in good time. It also helps ensure that employees behave correctly in the event of an incident without panicking: they can follow the defined plan and know what to do, resulting in significantly fewer mistakes.

Good to know

A full business continuity management plan is not focused solely on the failure of the information technology resource – it also addresses the failure of resources such as personnel, infrastructure (buildings and facilities, for example) and service providers. This catalogue of measures focuses on IT emergencies only. It is primarily aimed at business and IT managers in small and medium-sized enterprises.

How can you best prepare for an IT emergency?

  • Appoint officers for IT/OT security and emergency management issues in your company (if possible, not the same people).
  • Identify time-critical business processes, assets (crown jewels) and emergency-critical systems (e.g. address database, e-mail system, appointment calendar). Prioritize and implement protective measures for these.
  • Ensure that you have individual initial measures in place for IT incidents (including alerting and reporting channels within the company, for example). Be sure to print out your emergency plan and tell your relevant units where it is stored. In the event of a cyber attack you may no longer have access to your IT system.
  • Define contingency levels (e.g. provide replacement PCs, equip all workstations with at least two web browsers etc.).
  • Define measures to recover your systems quickly, and consider how work could be continued in the event of critical system failures, including cloud systems and solutions (e.g. print out key contact details, use alternative infrastructures, software and platforms, provide migration tools).
  • Clarify with your IT service providers what kind of IT incidents they can help you with (including ransomware, denial of service (DoS), cyber fraud, website hacking).
  • Identify other IT service providers who could help you to cope in such situations, and contact them if necessary. Our network of experts can help you here.
  • Establish rules for internal and external communication. Our partner Farner Consulting AG will be happy to provide press and public relations assistance.
  • Draw up a list of contacts, detailing their tasks and roles as well as when they are available. This list can include IT service providers, public relations partners, legal consultants, police and insurance providers, for example.
  • Think of basic organizational and technical protection measures. Our cyber security checklist will help you with this.
  • Put active monitoring measures in place for your IT landscape. Our partner Coinnect offers a suitable service for this.
  • Comply with data protection requirements, including Switzerland's Federal Act on Data Protection and the EU's General Data Protection Regulation (GDPR).
  • Have your IT infrastructure checked for vulnerability (e.g. by means of penetration tests or bug bounty programmes). Our partner GObugfree offers a suitable service for this.
  • Make an inventory of your IT infrastructure (including a network plan). In addition, keep a record of who works with which system (names and phone numbers) so that you can provide targeted information in an emergency.
  • Network your systems restrictively (network segmentation).
  • Prepare reporting channels for external reporting obligations (data protection, critical infrastructures, cyber insurance etc.).
Support from a network of experts you can trust
Whether we are helping you with a claim or providing you with risk consulting, you can count on our support and our skilled network of experts.

How can I ensure that my business is prepared for an IT emergency at all times?

  • Check the security status of your IT systems on an ongoing basis (e.g. through the regular certification of your IT/OT security). Our partner cyber-safe offers a suitable service for this.
  • Carry out IT emergency drills (e.g. scenarios such as server failures or cyber attacks). Practice will help you develop the professionalism and skills that will enable you to identify loopholes and gaps in your safeguarding framework.
  • Designate an appropriate first point of contact for IT emergencies and ensure that they can be reached. Remember that while not every hardware or software malfunction is the result of a cyber attack, any failure in an IT system could be due to such an attack.
  • Ensure that your staff know who to contact in an IT emergency (e.g. by using an IT emergency card).

What should my business do to best handle an IT emergency situation?

  • Contact everyone in the organization whose support you need.
  • Ask affected users about their observations and activities.
  • In the event of a cyber attack, disconnect the affected systems from networks (cable and WLAN/WiFi).
  • Contact IT service providers who can help you with the recovery.
  • Notify the provider of your cyber insurance (if you have one). If you wish, you can also obtain support in various areas through our network of experts. (Keyword: crisis management).
  • Collect and back up system logs, log files, etc.
  • Document facts that could be related to the emergency.
  • Consider contacting the cantonal police and the National Cyber Security Centre (NCSC).
  • Observe the reporting obligations (under the Swiss Federal Act on Data Protection and the GDPR, inter alia).

Sample letter to customers following a cyber attack

Good to know

In the event of cyber fraud with financial loss, you are strongly advised to contact your bank, the police and/or a specialist company immediately in order to stop any payments.

What points do I need to pay attention to following an IT incident?

  • Close any vulnerabilities and security loopholes revealed by the IT emergency.
  • Monitor and supervise your network and IT systems particularly thoroughly in the aftermath to make sure they are functioning properly again, and to detect any attempted repeat attack in good time.
  • Lessons learned: Review the existing regulations, processes and measures, optimizing them if necessary.
  • Keep your emergency management documentation up to date.
  • Refine your IT security architecture.

Contact & advice.
Make an appointment today.

A free consultation without obligation
Tailored risk consultation and insurance proposal
Over the phone, in your home or at an agency close to you


This guide to IT emergency response plans has been prepared with the greatest care in order to give readers useful information and assistance. Helvetia provides no warranty that the content is accurate, complete or up to date, and accepts no liability in respect thereof. Helvetia refuses any and all liability for loss or damage that may arise from the implementation or use of the measures presented herein.