Over the past several years, I’ve had the pleasure of working with many financial institutions (FIs) reviewing and testing both their Incident Response Plan (IRP) for Cyber Security and Business Continuity/Disaster Recovery Plans (BC/DRP). I am pleased to say that most FIs have plans in place to deal with unplanned outages, whether cyber or disaster related. However, the effectiveness of those plans to truly protect the FI and its customers is highly dependent on testing the plan at various levels.
One of the challenges of testing is keeping people involved and excited about the testing process. Getting them to show up for the tests, and more importantly, to follow up and modify their portion of the plan based on the test results.