An Incident Response Plan is more than a compliance checkbox. It’s both a planned response to malicious activity and planned resilience for the future. ~ Peggy Nolan, CEO, Payment Card Assessments
I used to tell the CISO at my former company, “It’s not a matter of if you get breached but a matter of when.”
Your Incident Response plan must rise to the occasion of today’s threat landscape.
And that means you need to take it off the digital shelf.
Blow off the dust.
And make sure your business assets (including your people) are protected.

According to the CrowdStrike Threat Report 2025, “defenders may have less than a minute to detect and respond [to a security threat] before attackers establish deeper control.”
How responsive is your Incident Response Plan?
Your plan must include these 5 types of security threats to meet baseline security requirements as stated in the PCI Data Security Standard:
Malware Attacks
Malware is any software designed to sneak in and damage computer systems or networks.
It can disrupt operations, steal data, gain unauthorized access, or cause other types of harm.
Common types of malware include:
- Viruses
- Trojans
- Worms
- Ransomware
- Spyware
- Adware
Phishing Attacks
Phishing attacks are online scams where criminals impersonate legitimate organizations to trick people into installing malware on their devices or revealing sensitive information, such as:
- passwords
- credit card details
- personal data
Denial of Service Attacks
A Denial of Service attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with traffic from multiple sources.
Incident Response Plans Must Include Insider Threats
Insider threats can be either malicious or accidental. Remember, people do peoply things.
Insider threat examples include:
- A rogue employee stealing corporate secrets for their own benefit
- An unsuspecting employee accidentally clicking on a phishing link
- A compromised user’s account used to steal customer personal data, including credit card data
Advanced Persistent Threats (APTs)
An APT is a covert cyber attack on a computer network where the attacker gains and maintains unauthorized access to the targeted network and then remains undetected on the network for a long time.
Typical objectives of an advanced persistent threat are:
- Cyber espionage
- Sabotage
- Political gain
- Financial gain
What Else Do You Need In Your Incident Response Plan?
I’m glad you asked.
We offer an in-depth, on-demand training course that covers:
- PCI DSS Requirement 12.10
- 12.10 sub-requirements
- Connected requirements such as Requirement 10.4
This course is available as a standalone option, or it’s included if you subscribe to our Pro Plan.
And very soon we’ll have an Incident Response Plan Template in our PCI Compliant SOP Template Bundle.