Which elements are commonly included in incident response planning for cyber risk?

• A. They require the insured to file the claim within a 24-hour window.
• B. They provide only financial compensation and do not require any planning.
• C. They include notification of affected parties, internal escalation, evidence preservation, and coordination with legal/compliance.
• D. They limit the insured's liability.

Answer: (C)

In incident response planning for cyber risk, the focus is on having a structured, actionable process ready before an incident occurs. A strong plan covers how to notify affected individuals and relevant authorities in a timely and compliant way, how to escalate issues internally so the right people respond quickly, how to preserve evidence (logs, backups, and other forensics material) to understand what happened and support investigations, and how to coordinate with legal and compliance teams to ensure communications, regulatory reporting, and contractual obligations are handled properly. These elements work together to minimize damage, meet legal requirements, and maintain the integrity of the investigation. The other options describe aspects that aren’t about the proactive response process—such as timing for insurance claims, purely financial compensation, or liability terms—which don’t capture how an organized incident response is supposed to function.