Another Installment of 15 Cybersecurity Fundamentals Revisited – Cyber Incident Response Planning

Created: Monday, September 23, 2019 - 16:52
Categories:
Cybersecurity, General Security and Resilience, Security Preparedness

Developing plans for how utilities will respond to cyber incidents is critical for quick recovery and restoration from such events. An effective cyber incident response (IR) plan will limit damage and reduce recovery time and costs. Most importantly, the IR plan needs to be in place and tested before a cyber incident occurs; nonetheless, research reveals that cyber incident response plans are still largely ineffective. The recently released Verizon Incident Preparedness and Response Report (VIPR) – Taming the data beast (sic) breach edition is a valuable resource to help organizations create or improve cyber incident mitigation and response efforts. The VIPR is based on three years of IR plan assessments and data breach simulation recommendations, and it walks through six main sections of an effective IR plan: planning and preparation, detection and validation, containment and eradication, collection and analysis, remediation and recovery, and assessment and adjustment. The highlight of the report is its Breach Simulation Kits (BSKs), which help facilitate tabletop exercises/workshops and are each designed to reinforce various steps of the IR process. The BSKs cover common attack scenarios, including cryptocurrency mining, an insider threat involving a compromise of PCI data, an ICS attack, cyber espionage, and a compromise via a third-party managed service provider (MSP). The VIPR is a good companion resource to WaterISAC’s 15 Cybersecurity Fundamentals #11, Plan for Incidents, Emergencies and Disasters. Download the full VIPR at Verizon.