Assess Your Customer Response Plan
Speed of Notification is measured by the number of hours or days from becoming aware of the breach until the public response is launched. Bear in mind that the regulator notification deadline is now 72 hours for companies subject to the New York DFS Cybersecurity Regulation or the European Union’s General Data Protection Regulation.
The Quality of the Response is measured by the organization’s ability to successfully execute each component of the plan at scale under emergency circumstances.
How to Use the Assessment Matrix
Take the “Assess Your Customer Response Plan” assessment to estimate how your plan would perform if you experienced a breach affecting 50% and 100% of the customer records in your database. Review each question and GRADE your plan using the PERFORMANCE BAR. Your choices will be reflected in the quadrant you are most likely to experience if an attack occurs tomorrow.