A Report Template for Incident Response

Effective incident response relies on clear communication and structured documentation to ensure incidents are handled consistent with stakeholder expectations. A customizable incident report template helps responders capture critical details—such as root causes, actions taken, and lessons learned—in a format that meets the needs of business readers.

Preparing for cybersecurity and data privacy incidents involves creating checklists and documented plans to enable the response team to do their best during the incident. Preparation also includes creating a template that the team can use as the basis for the incident report, which is critical to ensuring that the incident is handled well.

We created such an incident report template when we developed our incident response procedures at Axonius. I’m happy to share the public version of this template with the community in this blog post. Incident responders are welcome to use it to strengthen the way they collect, document, and communicate incident-related details.

The incident report template should be used by the incident response coordinator–the person in charge of the organization’s handling of the incident. It helps the coordinator ask the right questions of the people involved in the various response tasks.

The questions captured in this report template fall into these high-level categories in anticipation of what the report’s readers expect to see:

What happened and when?
What was the root cause?
What was and remains to be done?
What lessons can be learned?
What are the remaining action items?

The template captures the details related to these questions. It’s based on the report-writing guidelines I prepared for participants of my Cybersecurity Writing course.

Elisabetta Tiani added her expertise to allow the template to be used for both cybersecurity and privacy incidents. Daniel Trauner shared his insights to strengthen the template further.

You can download the template in the Microsoft Word (OOXML) format here. We’re distributing it under the Creative Commons v4 “Attribution” License so that organizations can adjust the template to their needs.

About the Author

Lenny Zeltser is a cybersecurity executive with deep technical roots, product management experience, and a business mindset. As CISO at Axonius, he leads the security and IT program, focusing on trust and growth. He is also a Faculty Fellow at SANS Institute and the creator of REMnux, a popular Linux toolkit for malware analysis. Lenny shares his perspectives on security leadership and technology at zeltser.com.

Learn more →