Most businesses who have suffered a data breach will tell you it was one of the most challenging times of their professional careers. Data breaches are human events, both for the impacted customers and the incident response team in charge of executing the response. As such, human emotions come to the surface and can inhibit […]
Vital Components to Equip Your Organization for Breach Readiness
By Marissa Rodriguez
To date, 975 breaches have occurred this year, resulting in over 19 million records exposed. These numbers demonstrate the necessity of breach readiness – it’s not a matter of if a data breach will happen to you, but when. What’s more, these breaches can have a long-term impact on companies. On average, immediately after a data breach, a business’ market share price will decrease an estimated 0.43%; over time these share prices will rise, but at a much slower rate than before the breach.
Prevention is no longer enough
Adding to this complicated dynamic is the fact that new regulations in the U.S. and the EU (like NYDFS and GDPR) demand a 72-hour reaction time to a data breach. Preparing and testing a robust breach readiness plan is the key to success in this environment.
While most companies have an incident response plan, many lack the detail required to actually execute a customer response, and don’t discover this fact until it’s too late.
Common Components of Incident Response Plans
Most incident response plans today include the following components:
- An internal core team along with their specific roles and contact information
- An internal communications plan, detailing who needs to be notified when, and how information is shared with the core team and larger company
- Methods for determining if there was an incident, and whether or not it is notifiable (forensics and breach counsel are absolutely crucial in these processes)
- A plan for communicating externally with customers, media, law enforcement, legal and incident reporting organizations
One of the biggest misconceptions about breach readiness is that an Incident Response Plan is complete with only the sections mentioned above. In reality, our thirteen years of breach response experience tell us this is not true. To build a response plan that will actually guide you through the critical decisions of your customer response, you must include the details required to execute a solid customer response.
In this blog series we will walk you through what a robust Breach Readiness plan contains, including the following:
- Notification details – What communications plans do you need for clear and timely internal and external communication?
- End User Support (Identity Theft Protection) – How and with what protections will you support the affected population?
- Customer Service Care – Who will manage the customer support, what will you say to customers, how will you resolve harm?
No one can ever anticipate when the unexpected happens, but you can take steps to prepare your organization to respond if a breach occurs. This is truly the only way to be ready. Stay tuned to dive deeper into what breach readiness really looks like.