Data Breach Preparation: Failing to Plan is Like Planning to Fail

Published: September 14, 2021 by Michael Bruemmer

As today’s fastest-growing form of criminal activity, cybercrime is expected to cost organizations $6.1 trillion worldwide this year alone,[1] with attacks on enterprises now occurring every 11 seconds.[2] But despite increasingly widespread growth in corporate IT security awareness, the importance of putting a sound plan in place for protecting your customers’ privacy and data can’t be underscored enough.

Given the scale of IT security threats, it bears reminding: Network compromise is now largely a matter of when, not if, for most businesses. As a result of this shift in security and operating environments, it’s important for enterprise leaders to note the six key reasons that most data breach responses fail:

  1. No Budget: Despite the seeming inevitability of a data breach, most companies’ average annual budget for a consumer response is exactly $0. Many companies and security teams believe they are fully prepared or won’t be targeted. But with losses due to ransomware attacks up 225% lately in the US alone,[3] it can be an expensive gamble to make.
  2. Never Tested: Even if a company does have a data breach response plan in place, it usually hasn’t been stress-tested via live exercises and drills. Having a plan in place is a great first step, but unless you test it in a live breach simulation or exercise, you can’t be certain the plan will be successful.
  3. Unknown Impact: It can be hard to know how much of your customer population has been impacted by the breach. Your plan needs to be flexible enough to accommodate both small and massive breaches.
  4. No Estimate: Data breach responses also fail because there is no estimate for the scale of phone calls, emails, and complaints that may be received. To put things in perspective: A small data breach is MUCH different and easier to remedy than one involving millions of records.
  5. Slow to Respond: By law, firms that suffer a data breach must now report the incident to government authorities within 72 hours. Failure to address increasing regulatory compliance and information sharing needs (which demand greater oversight and overhead from organizations) can come with hefty fines.
  6. No SLAs: Companies often don’t have the necessary agreements to guarantee the infrastructure and staff to assist consumers with resolving their cases. Having a dedicated, guaranteed number of call center agents ready to go when a company experiences a data breach is invaluable.

To improve your odds of successfully defending against and responding to breaches, you’ll want to focus on strengthening four areas of operations:

  • Guarantee Resources: Ensure that you have dedicated security resources that are prepared to react to threats on the turn of a dime. Your SLAs should include well-trained, certified call center agents and the infrastructure ready to go. This should include scalable and high-quality identity protection services to resolve harm to your customers.
  • Readiness Testing: Failing to plan (i.e. not stress-testing your recovery plan prior to incidents occurring) is like planning to fail. By rehearsing your disaster response and recovery strategies, you’ll be able to identify any points of failure and shortcomings that you can improve upon before actual concerns arise.
  • Regulatory Needs: Emphasize quick and accurate responses to regulator inquiries by understanding the specifics for your industry and business.
  • Communications: Having a corporate communications plan ready to go in real time is also key. Connect with your communications team to create a communications response plan prior to any incidents occurring so that all you largely need to tweak are specifics on the day of the event.

According to studies by IBM, companies can save $1.2 million off the cost of data breaches by having an incident response plan in place and extensively testing it before cyber threats strike. Bearing this in mind, the best defense against digital dangers is a good offense. Experian’s Reserved Response™ was created to help organizations take a proactive approach to data breach response planning. Deploy it to put an end-to-end game plan in place and implement a step-by-step playbook that workers can follow in the event of an incident. You’ll also guarantee that your organization gains the necessary manpower, infrastructure, and response readiness needed to ensure ongoing network resilience and a speedy recovery should disaster strike.


[1] Cybersecurity Ventures, Annual Cybercrime Report 2020

[2] Cybersecurity Ventures, Cybercrime to Cost the World $10.5 Trillion Annually by 2025

[3] Cybereason, Ransomware: The True Cost to Business Study 2021