
Member Exclusive: The AI incident response plan every comms team needs
Triggers, roles, tabletop exercises and real-world checklists to help communicators respond with clarity—before a model makes headlines for the wrong reasons.
By Robbie Caploe, director of strategic initiatives, Ragan Communications
In 2026, AI incidents won’t be edge cases — they’ll be routine moments of leadership.
A chatbot will hallucinate a policy. A model will expose data it shouldn’t. A well-meaning automation will misfire in public. Communications leaders will be the ones expected to translate technical failure into human trust, often in minutes.
That’s why an AI Incident Response Plan (IRP) is no longer an IT document. It’s a core comms playbook, right next to crisis protocols and media guidelines.
The resources here are designed to help you define triggers, roles, language and guardrails so when something goes wrong, your team responds with clarity. Katelyn Ringrose, associate at McDermott Will & Schulte and advisor to Ragan's Center for AI Strategy, detailed what should be included.
"An Incident Response Plan should be highly tailored to the company it belongs to,” said Ringrose. “For example, a consumer-facing entity might have an entirely different protocol for responding to customer inquiries than a business-to-business entity. Companies with greater reliance on the supply chain might have a heightened protocol for dealing with downstream vendors. Finally, companies dealing with the government or in the critical infrastructure space may have enhanced data retention and reporting obligations that must be outlined in their Incident Response Plan."
The plan should also be a living document. "An Incident Response Plan cannot be a stagnant document," she said. "It must be tried and true, which is why regular tabletop exercises are essential.”
Toward that end, Ringrose shared a checklist to use as communicators formulate their own IRPs. In addition, check out the attached Fact Sheet from CISA, the Cybersecurity and Infrastructure Security Agency.
If you’re ready to try a tabletop exercise, CISA has several to choose from using this link.
Data Security Incident Quick Reference Guide
Execute your data breach response plan
- Alert your incident response team, which should include legal counsel.
- If you do not have a data breach response plan, legal counsel can coordinate the response.
- Engage your public relations/communications/crisis management team.
Engage your legal counsel and privacy compliance teams
- Identify legal obligations.
- Identify contractual obligations.
Identify and notify insurance providers
- Work with legal counsel to identify potential coverage and notify insurers.
Identify the scope of the breach
- Determine what personally identifiable information is at risk.
- Determine if other information, financial accounts or systems are at risk.
Have a computer forensics expert investigate, and repair as needed
- Secure compromised devices and preserve evidence.
- Find out if any countermeasures, such as encryption, were enabled when the compromise occurred.
- Analyze preserved or reconstructed data sources.
- Ascertain the number of individuals potentially affected and type of information compromised.
- Inform law enforcement as necessary.
Prepare communications to affected/required individuals
- Consider requirements under state/federal notification statutes, such as:
- California Data Breach Notification Law, Cal. Civ. Code §§ 1798.29 & 1798.82
- New York SHIELD Act, N.Y. Gen. Bus. Law § 899-aa
- Illinois Personal Information Protection Act, 815 ILCS §§ 530/1 to 530/25
- HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414
- The notification laws which apply vary based on information breached and affected parties. Notifications may be required in as few as ten days.
- Involve press/crisis management team in incident-related communications.
Afterward, identify lessons learned
- Re-evaluate breach response plan.
- Ensure that firms/vendors are pre-approved on insurance policies.
- Re-visit and strengthen data security measures.
- Consider changing processes to prevent a future breach.
Interested in the future of AI and communications? Your Council membership includes free enrollment in Ragan's Center for AI Strategy. Contact the Council Concierge at [email protected] with questions.
