Cybercrime Prevention Strategy and Incident Management Plan

1 Introduction

1.1 This strategy and plan builds on and supplements our other data management and security policies and procedures, namely our:

  • 1.1.1 [[Data protection policy]]

  • 1.1.2 [[Data breach plan]]

  • 1.1.3 [[Information management and security policy]]

  • 1.1.4 [[Bring your own device policy]]

  • 1.1.5 [[Password policy]]

  • 1.1.6 [[Information Communications Technology (ICT) Plan]]

  • 1.1.7 [[Internet and electronic communications policy (including social media)]]

  • 1.1.8 [[Remote working and removable media policy]]

  • 1.1.9 [[Business continuity plan (BCP)]]

2 Purpose and scope

2.1 The purpose of this document is to establish systems and controls to protect the [firm OR company] from cybercriminals and associated cybersecurity risks, and to set out an action plan should the [firm OR company] fall victim to cybercrime.

2.2 This plan is relevant to all staff[ in every office].

3 Responsibility

3.1 [Insert name] is responsible for this strategy and plan.

3.2 They are responsible for:

  • 3.2.1 conducting and maintaining cybercrime/cybersecurity risk assessments

  • 3.2.2 monitoring compliance with this strategy and related policies and procedures

  • 3.2.3 invoking the relevant incident management plan, as appropriate and in conjunction with the business continuity team

4 What is cybercrime?