In a world where cyber threats often hold the potential to threaten business survival—no matter a business’s size or industry—incident response has become part and parcel of comprehensive cyber cover. Because when a cyber incident strikes, it takes a team of experts to triage the incident, respond and minimize impact.
Bob Scott-Kerr, Director of Cyber Incident Management, joined CFC with a single mission in mind: to mitigate risk for our policyholders. We sat down to get the story on his career so far, from fighting serious organized crime with the Metropolitan Police, to being a leading figure at the National Crime Agency and beyond.
Tell us about your background
In my career, I’ve worked on the frontlines responding to all kinds of crime. It started with five years on a 999 response team in Northwest London, where I tackled serious incidents head-on, finding immense satisfaction in solving problems under pressure. From there, I became a detective specializing in serious organized crime, leading surveillance operations and investigations into large-scale drug importation.
When the opportunity arose to transition into cybercrime, my IT background and love for complex cases made it a natural fit. In the Metropolitan Police, I worked on groundbreaking cases like the TalkTalk hack back in 2015, which thrust cyber security into the national spotlight, and played a key role in investigations against sanctioned groups like Evil Corp. It was fascinating being front and center just when cybercrime entered the public consciousness. At the National Crime Agency my work extended internationally, including building relationships with Ukraine to strengthen its cyber defenses and collaborating with global partners to combat sophisticated threats.
After 20 years in law enforcement, I saw how cyber insurance was transforming the landscape by raising security standards and supporting businesses. CFC’s innovative approach and forward-thinking mission to protect businesses from emerging risks made joining the team an exciting next chapter in my career.
I saw how cyber insurance was transforming the landscape by raising security standards and supporting businesses. Bob Scott-Kerr, Director of Cyber Incident Management
Why is incident response important and what’s your daily mission?
We see cyber insurance as not just a promise to pay, but a promise to protect. We do this firstly through proactive cyber services, to help stop incidents from ever happening. But if one does occur, responding quickly and effectively is vital to minimizing the financial, business and reputational impact. Most businesses don’t have access to an incident response provider, and hiring one in the heat of the moment comes at a significant cost. But through our cyber policies, insureds get access to the largest in-house cyber security and incident response team in market, on call 24/7.
In my role it’s my daily mission to ensure insureds are given all the support they need to navigate a crisis. Within 15 minutes of notification, we provide expert guidance for the specific incident they’re facing. By giving clear, actionable steps, we help to mitigate the impact on the organization and provide all the necessary resources to get operations back up and running.
What did your time at the National Crime Agency teach you about cyber threats?
I learned trust is the foundation of a successful response. In a past role, I dealt with an incident where the vendor we assigned failed to inspire confidence. The IT director called me afterward, saying they had no faith in the response. I had to step in, rebuild that trust, and make sure the incident was handled smoothly. It was a stark reminder of how easily you can lose the room—and how much harder everything becomes if you do.
At CFC, in every response call we demonstrate our knowledge and capability to provide support. Those first few moments set the tone—once our capability and expertise is established, our insureds are far more comfortable and likely to take our advice, helping them to recover quickly and minimize the overall cost of a claim.
What should businesses look for in an effective incident response service?
The cyber incident response market can be a confusing space to navigate. Finding a provider that provides quick response times, clear communication, experienced professionals and thorough post-incident analysis is a good start. But it’s not uncommon to come across providers claiming extensive capabilities, only to find out they’re operating with just a small team.
It’s my daily mission to ensure insureds are given all the support they need to navigate a crisis. Within 15 minutes of notification, we provide expert guidance for the specific incident they’re facing. Bob Scott-Kerr, Director of Cyber Incident Management
That’s why having access to trusted and tested services through your insurer can be such a game-changer. Insurers like CFC have already done the legwork. When you partner with us, you know you’re gaining access to a team that’s already helping to protect thousands of businesses across globe.
What can businesses do to make the incident response service as effective as possible?
Preparation makes all the difference. One of the most valuable things a business can have on hand is a network map. It’s surprising how many organizations don’t fully understand their infrastructure or how their systems are connected. A clear, up-to-date map of your network can help the incident response team identify and isolate affected areas quickly, minimizing the impact.
Recovery planning is another crucial element. Many businesses have backup systems in place, but they’ve never tested the process of restoring environments from those backups. Knowing how long recovery takes and ensuring the process works smoothly is essential for disaster recovery. Testing and refining your backup and restoration plan before an incident occurs will save precious time.
Finally, businesses should identify their critical services and data. For example, if email is a critical service, prioritizing its restoration can get the organization back up to 99% operational. Similarly, knowing what data you store, where it’s located and its level of sensitivity can guide the response team’s efforts. This is also an opportunity to assess if you’re holding unnecessary or outdated data, reducing your exposure to potential breaches and the need to notify impacted data subjects. Thoughtful preparation in these areas can significantly enhance the effectiveness of your incident response team when an incident happens.
Learn more about incident response and additional services that come with cyber insurance in our guide.
