Cyber Security Requires a Three-stage Approach to Data Breach Prevention

Published: June 25, 2013 by Michael Bruemmer

Private and public businesses are favored targets for hackers; in fact, in 2012, businesses accounted for more than a third of all data breaches in the U.S., according to the Identity Theft Resource Center (ITRC). Perpetrated against companies large and small, these breaches compromised more than 4.6 million records. Research by the Ponemon Institute indicates the number of data breaches continues to grow, yet businesses still fall short in implementing critical cyber security measures to prevent and remedy breaches.

Businesses are not only leaving themselves open to attack by hackers, with 40 percent of all data breaches originating from hacking, according to Symantec’s Internet Security Threat Report. They are also exposing data on their own through mistakes or insufficient cyber security measures; nearly a quarter (23 percent) of 2012 breaches occurred by accident, Symantec reports.

Clearly, corporate databases and networks are a treasure trove for cyber criminals, who use a myriad of methods – including hacking, malware, phishing and theft of hardware or software – to gain access to proprietary information. Addressing cyber security threats now requires far more than simply having a firewall and virus protection in place. Cyber security demands a three-prong defense: prevention, response and remediation.


While it may be virtually impossible for an organization to prevent all attacks, it is imperative for companies to take steps to ensure the impact of any attack is minimal. Preventive steps should include the creation of a comprehensive data breach response plan, one that incorporates both the most up-to-date security applications and employee education and conduct policies aimed at reducing the risk of a data breach through an internal source.


Data breaches have a broad impact on a business, from actual cash losses to loss of customer faith, and even fines if a company fails to notify affected consumers in a timely manner. Businesses must create and implement a response plan before a breach occurs. That plan should address mandated notification requirements of affected parties, how the company will investigate the source and method of the breach, and what steps it will take afterward to seal the cyber security hole that created the opportunity for a successful attack.


On average, data breaches cost companies $194 per capita, according to Symantec. Businesses must have in place a comprehensive plan for repairing the damage caused by a data breach, from recovering fiduciary losses and shoring up security measures, to supporting identity theft prevention efforts of affected consumers. Just as businesses rely on tax accountants to guide them through the complexities of their tax liabilities, it makes sense for organizations to seek help from companies that specialize in data breach resolution. Such companies can advise and guide organizations on data breach laws and best practices, and provide vital services – such as identity protection, notification letters and call center support – to customers affected by the data breach.

The best time to address a data breach is before one ever occurs. By taking a three-stage approach to cyber security, companies can minimize their risks of experiencing a data breach and ensure they are well positioned to recover fully if one does occur.

