Emergency Contacts

Security Incident Contacts Sheet

A comprehensive emergency contact sheet for security incidents. Keep this information readily accessible to all incident response team members for quick escalation and communication during critical situations.

Download Contact Sheet (Excel) Print Contact Sheet

Emergency Response Priority

CRITICAL

Data breach, ransomware, complete outage

Call immediately:

1. Incident Response Leader

2. Executive Leadership

3. Legal Counsel

HIGH

Malware, compromise, service outage

Call within 1 hour:

1. Incident Response Leader

2. IT Manager

3. Security Lead

MEDIUM

Suspicious activity, minor breach

Call within 4 hours:

1. IT Manager

2. Security Lead

LOW

Failed logins, spam, minor anomaly

Document & monitor:

1. Security Lead

2. IT Support

Internal Emergency Contacts

Priority: Primary

Export Section

Incident Response Leader

[Name]

[Title]

(_) _-__

incident-lead@company.com

Alt: (_) _-__

Primary decision maker for all incidents

IT Manager

[Name]

[Title]

(_) _-__

it-manager@company.com

Alt: (_) _-__

Technical systems and infrastructure

Security Lead

[Name]

[Title]

(_) _-__

security@company.com

Alt: (_) _-__

Security tools and threat analysis

Executive Leadership

[Name]

CEO/President

(_) _-__

ceo@company.com

Alt: (_) _-__

Final authority for major decisions

Legal & Compliance

Priority: Secondary

Export Section

Legal Counsel

[Law Firm Name]

Attorney

(_) _-__

legal@lawfirm.com

Alt: (_) _-__

Breach notification and legal requirements

Privacy Officer

[Name]

DPO/Privacy Officer

(_) _-__

privacy@company.com

Alt: (_) _-__

GDPR, CCPA, and privacy compliance

Compliance Manager

[Name]

Compliance Officer

(_) _-__

compliance@company.com

Alt: (_) _-__

Industry-specific compliance requirements

External Service Providers

Priority: Secondary

Export Section

Cyber Insurance Provider

[Insurance Company]

Claims Department

1-800-XXX-XXXX

cyberclaims@insurance.com

Alt: Policy #: __________

Report breaches within 24-48 hours

Forensics Firm

[Forensics Company]

Incident Response Team

1-800-XXX-XXXX

emergency@forensics.com

Alt: (_) _-____

24/7 emergency response available

MSP/IT Support

[IT Company Name]

Emergency Support

1-800-XXX-XXXX

emergency@itcompany.com

Alt: Account #: __________

Managed services and infrastructure support

Public Relations

[PR Firm/Agency]

Crisis Communications

(_) _-__

crisis@prfirm.com

Alt: (_) _-__

Media relations and public communications

Government & Law Enforcement

Priority: As Required

Export Section

FBI Cyber Division

Internet Crime Complaint Center

IC3

File online report

https://ic3.gov

Alt: Local FBI Field Office

For cybercrime reporting

State Attorney General

[State] AG Office

Consumer Protection

(_) _-____

cybersecurity@state.gov

Alt: Online reporting available

State breach notification requirements

Local Police

[City] Police Department

Detective Division

(_) _-____

detective@police.gov

Alt: 911 (emergencies only)

For criminal activity or threats

Regulatory Body

[Industry Regulator]

Compliance Department

(_) _-____

compliance@regulator.gov

Alt: Online portal available

Industry-specific reporting requirements

Critical Vendors & Partners

Priority: As Needed

Export Section

Cloud Provider

[AWS/Azure/GCP]

Security Team

1-800-XXX-XXXX

security@cloudprovider.com

Alt: Support ticket system

Infrastructure and security services

Payment Processor

[Payment Company]

Fraud Department

1-800-XXX-XXXX

fraud@payments.com

Alt: Merchant account #: ______

Payment card data incidents

Key SaaS Provider

[Software Company]

Security Response

1-800-XXX-XXXX

security@saasprovider.com

Alt: Customer success manager

Critical business application provider

Internet Service Provider

[ISP Name]

Business Support

1-800-XXX-XXXX

business@isp.com

Alt: Account #: __________

Network connectivity and security

Escalation Decision Matrix

Severity	Response Time	Who to Contact	Key Actions	Examples
Critical	Immediate	• Incident Response Leader • IT Manager • Executive Leadership	• All hands on deck • External experts • Media preparation	• Data breach • Ransomware • Complete system failure
High	< 1 Hour	• Incident Response Leader • IT Manager • Security Lead	• Containment focus • Legal consultation • Stakeholder notification	• Malware infection • Account compromise • Service outage
Medium	< 4 Hours	• IT Manager • Security Lead	• Investigation and analysis • Monitoring enhancement • Preventive measures	• Suspicious activity • Minor breach • Policy violation
Low	< 24 Hours	• Security Lead • IT Support	• Documentation • Trend analysis • Process improvement	• Failed login attempts • Spam increase • Minor anomaly

Communication Templates

Initial Incident Alert

INCIDENT ALERT: [BRIEF DESCRIPTION] Severity: [LEVEL] Time Detected: [TIME] Systems Affected: [SYSTEMS] Initial Response: [ACTIONS] Next Update: [TIME]

Status Update

INCIDENT UPDATE: [INCIDENT ID] Status: [ONGOING/CONTAINED/RESOLVED] Progress: [SUMMARY] ETA Resolution: [TIME] Next Update: [TIME]

Incident Resolution

INCIDENT RESOLVED: [INCIDENT ID] Resolution Time: [TIME] Root Cause: [SUMMARY] Actions Taken: [LIST] Post-Incident Review: [SCHEDULED]

Contact Management Best Practices

Maintenance Checklist

Review and update contacts quarterly Test all phone numbers annually Verify email addresses and backup contacts Update organizational changes immediately Maintain both digital and printed copies Distribute updates to all team members

Access & Distribution

✓ Store securely but accessibly (password manager)
✓ Provide to all incident response team members
✓ Include in incident response kits/go-bags
✓ Post in secure team collaboration tools
✓ Have offline/printed backup copies
✓ Train team on using the contact sheet

During an Incident

✓ Stay calm and follow procedures
✓ Call appropriate contacts immediately
✓ Document all communications
✓ Use secure communication channels
✓ Brief contacts on situation status

Communication Tips

✓ Lead with severity and impact
✓ Provide clear, factual information
✓ Set expectations for next update
✓ Use established escalation paths
✓ Confirm receipt of critical messages

After Resolution

✓ Notify all stakeholders of resolution
✓ Schedule post-incident review
✓ Update contact information as needed
✓ Document lessons learned
✓ Thank external partners for assistance

Keep Your Team Connected During Crisis

Download and customize this contact sheet for your organization. Regular maintenance and training ensure your team can respond quickly and effectively when every minute counts.

Download Contact Sheet (Excel) Get Implementation Help

Stay Updated

Subscribe to our newsletter for cybersecurity news and updates

We respect your privacy. Unsubscribe at any time.

Security Incident Contacts Sheet

Emergency Response Priority

Internal Emergency Contacts

Incident Response Leader

(___) ___-____ incident-lead@company.com Alt: (___) ___-____

Primary decision maker for all incidents Call Email Edit

IT Manager

(___) ___-____ it-manager@company.com Alt: (___) ___-____

Technical systems and infrastructure Call Email Edit

Security Lead

(___) ___-____ security@company.com Alt: (___) ___-____

Security tools and threat analysis Call Email Edit

Executive Leadership

(___) ___-____ ceo@company.com Alt: (___) ___-____

Final authority for major decisions Call Email Edit

Legal & Compliance

Legal Counsel

(___) ___-____ legal@lawfirm.com Alt: (___) ___-____

Breach notification and legal requirements Call Email Edit

Privacy Officer

(___) ___-____ privacy@company.com Alt: (___) ___-____

GDPR, CCPA, and privacy compliance Call Email Edit

Compliance Manager

(___) ___-____ compliance@company.com Alt: (___) ___-____

Industry-specific compliance requirements Call Email Edit

External Service Providers

Cyber Insurance Provider

1-800-XXX-XXXX cyberclaims@insurance.com Alt: Policy #: __________

Report breaches within 24-48 hours Call Email Edit

Forensics Firm

1-800-XXX-XXXX emergency@forensics.com Alt: (___) ___-____

24/7 emergency response available Call Email Edit

MSP/IT Support

1-800-XXX-XXXX emergency@itcompany.com Alt: Account #: __________

Managed services and infrastructure support Call Email Edit

Public Relations

(___) ___-____ crisis@prfirm.com Alt: (___) ___-____

Media relations and public communications Call Email Edit

Government & Law Enforcement

FBI Cyber Division

File online report https://ic3.gov Alt: Local FBI Field Office

For cybercrime reporting Call Email Edit

State Attorney General

(___) ___-____ cybersecurity@state.gov Alt: Online reporting available

State breach notification requirements Call Email Edit

Local Police

(___) ___-____ detective@police.gov Alt: 911 (emergencies only)

For criminal activity or threats Call Email Edit

Regulatory Body

(___) ___-____ compliance@regulator.gov Alt: Online portal available

Industry-specific reporting requirements Call Email Edit

Critical Vendors & Partners

Cloud Provider

1-800-XXX-XXXX security@cloudprovider.com Alt: Support ticket system

Infrastructure and security services Call Email Edit

Payment Processor

1-800-XXX-XXXX fraud@payments.com Alt: Merchant account #: ______

Payment card data incidents Call Email Edit

Key SaaS Provider

1-800-XXX-XXXX security@saasprovider.com Alt: Customer success manager

Critical business application provider Call Email Edit

Internet Service Provider

1-800-XXX-XXXX business@isp.com Alt: Account #: __________

Network connectivity and security Call Email Edit

Escalation Decision Matrix

Communication Templates

Initial Incident Alert

Status Update

Incident Resolution

Contact Management Best Practices

Maintenance Checklist

Access & Distribution

During an Incident

Communication Tips

After Resolution

Keep Your Team Connected During Crisis

Stay Updated

(_) _-__

incident-lead@company.com

Alt: (_) _-__

Primary decision maker for all incidents

(_) _-__

it-manager@company.com

Alt: (_) _-__

Technical systems and infrastructure

(_) _-__

security@company.com

Alt: (_) _-__

Security tools and threat analysis

(_) _-__

ceo@company.com

Alt: (_) _-__

Final authority for major decisions

(_) _-__

legal@lawfirm.com

Alt: (_) _-__

Breach notification and legal requirements

(_) _-__

privacy@company.com

Alt: (_) _-__

GDPR, CCPA, and privacy compliance

(_) _-__

compliance@company.com

Alt: (_) _-__

Industry-specific compliance requirements

1-800-XXX-XXXX

cyberclaims@insurance.com

Alt: Policy #: __________

Report breaches within 24-48 hours

1-800-XXX-XXXX

emergency@forensics.com

Alt: (_) _-____

24/7 emergency response available

1-800-XXX-XXXX

emergency@itcompany.com

Alt: Account #: __________

Managed services and infrastructure support

(_) _-__

crisis@prfirm.com

Alt: (_) _-__

Media relations and public communications

File online report

https://ic3.gov

Alt: Local FBI Field Office

For cybercrime reporting

(_) _-____

cybersecurity@state.gov

Alt: Online reporting available

State breach notification requirements

(_) _-____

detective@police.gov

Alt: 911 (emergencies only)

For criminal activity or threats

(_) _-____

compliance@regulator.gov

Alt: Online portal available

Industry-specific reporting requirements

1-800-XXX-XXXX

security@cloudprovider.com

Alt: Support ticket system

Infrastructure and security services

1-800-XXX-XXXX

fraud@payments.com

Alt: Merchant account #: ______

Payment card data incidents

1-800-XXX-XXXX

security@saasprovider.com

Alt: Customer success manager

Critical business application provider

1-800-XXX-XXXX

business@isp.com

Alt: Account #: __________

Network connectivity and security