Articles In This Issue
Have you had a data breach?
If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at firstname.lastname@example.org or call 1 866 751 1323.
5 Ways to Reduce Risk and Prepare for a Big Breach
Is your company ready for a big data breach? That’s the question the Ponemon Institute is asking in a new, first-of-its-kind study sponsored by Experian® Data Breach Resolution.
The study finds the biggest concerns regarding a big breach, defined as the loss or theft of more than 1,000 sensitive or confidential records, are losing customers and business partners, as well as the negative public opinion and media coverage that result. So just how are companies working to decrease their risk and prepare for a breach in order to help stave off such destructive consequences? Here are five key ways:
- Third-party contracts and vetting
The majority of organizations perform due diligence before handing over sensitive data to vendors and other business partners. Fifty-four percent of respondents vet the privacy and data protection practices of vendors before sharing data with them. Plus, 65 percent use standard or model contract terms with vendors and other partners. These tactics will continue to be important in reducing breach risk as more and more companies use cloud or payment service providers.
- Breach preparedness plan
From lawsuits to customer loss, there’s a great deal at risk if a breach occurs. A breach preparedness plan, which 61 percent of the study respondents have, helps companies act quickly to activate all the resources and take the necessary steps to respond to an incident. If no plan is in place when a big breach occurs, the negative impact may be insurmountable. It’s going to take a company without a plan longer to respond to a breach, opening the door to disgruntled or lost customers, extended media coverage and potential mistakes, which may lead to class action lawsuits and fines.
- Dedicated breach response team
Sixty-seven percent of the respondents in the Ponemon study report having a team dedicated to breach response. For the majority (55 percent), it’s a cross-functional team involving individuals from many different departments. Only 4 percent have a Chief Security Officer responsible for managing an incident, which Ponemon has previously found to reduce the cost of a breach by 35 percent, according to the 2011 Cost of a Data Breach Study.
- Outside vendors engaged
State and federal regulatory agencies expect a breach to not only be handled well but also handled in a timely manner. Partnering with outside vendors that bring specific expertise to breach response can help expedite your timeline for investigations and notifications. Companies participating in the study utilize law firms specializing in privacy and data protection, forensics and investigation firms, customer service and call centers, notification providers and cyber security insurance firms. Only 37 percent opt not to engage any outside vendors for such services.
- Understanding state and federal requirements
Staying abreast of what state and federal agencies require of your breach response is vital. Sixty-four percent of study respondents have a process in place to determine and/or monitor requirements for state and federal disclosures. If this is something your organization has overlooked, remember that oftentimes such requirements come with fines if they aren’t followed. So by understanding how to comply upfront, you can be sure you’re prepared to meet expectations even in the midst of a breach.
While these five practices are positive signs in reducing breach risk and increasing preparedness, the study also identified several ways companies are potentially increasing their risk. Such practices include permitting BYOD (bring your own device) without security testing – 78 percent do this. As for encryption, 46 percent do not use it on computers, servers and storage devices, and 22 percent of the privacy officers surveyed were unsure whether it’s used or not.
It only goes to show just how complex breach preparedness really is. If you aren’t prepared, a big data breach could be disastrous. So take the time in the first quarter of FY14 to prepare for a breach so you can effectively recover if one occurs.
Click here to download the complete data breach preparedness study.