Putting Together an Effective Data Breach Response Plan

Published: October 9, 2018 by Michael Bruemmer

Experian has officially released their 2018-2019 Data Breach Response Guide.

Last year, there were more than 5,000 data breaches globally, with nearly 1,500 originating in the U.S. It's a number that promises to rise as cybercriminals become more sophisticated in their attacks and as the attack surface grows with mobile and Internet of Things devices. Experian's 2018 Annual Data Breach Preparedness Study found that 56 percent of respondents reported their organization had suffered a data breach; however, the same study found that just 19 percent of employees felt their company's data breach response plan was highly effective. In addition, only a third felt confident their organization had systems in place to recognize spear phishing attacks (phishing attacks targeted at specific people, often based on their job or other personal information), while only one in five thought they had the right response in place for a ransomware attack.

In other words, despite the inevitability of a data breach or other cyber incident, the majority of organizations don’t have an effective data breach response plan in place.

A comprehensive data breach response plan must keep pace with cybercriminal activity, but the truth is, no one knows what the threat landscape will look like in the future. That's why it is important to build a flexible plan that takes past and current threat trends into consideration and that can be updated to accommodate the latest risks and tactics.

Put Together a Response Team

Building a response plan should begin long before a cyber incident occurs. It starts with putting together a team of representatives from across the organization, which should at minimum include someone from human resources, legal, marketing or customer outreach, and IT. The team is responsible for putting together a comprehensive strategy to contain a data breach internally and to address the public relations and legal concerns immediately and on message. Having this team in place makes it easier to engage the external partners you may need in order to deal with the financial and legal issues that arise from a breach.

C-suite executives should be engaged in the response plan efforts, but in reality, fewer than half are knowledgeable about how their company would respond to a breach. Leadership involvement matters because these are the decision makers who set security budgets. Keeping them informed of the response team's efforts, and of the impact a breach can have on the company's financials, should build support.

Practice, Practice, Practice

An effective data breach response plan is not something that can be put on paper and then tucked away until needed. It requires regular practice so that the team is ready when an actual emergency comes. Yet only 71 percent of organizations actually practice their plans, and of that group, just 44 percent do so at least twice a year. Exercises should be held regularly, with everyone on the team knowing exactly what their responsibilities are. Each member should also work with employees in their own department to develop prevention and preparedness best practices.

Two other elements a data breach response plan should include are cybersecurity insurance and identity theft protection. Insurance can cover financial losses, including losses caused by downtime, to the extent the policy's terms allow, and identity theft protection covers consumers whose data was compromised.

A good data breach response plan isn't optional in today's workplace; it's a requirement. With GDPR and other privacy laws taking effect, not being able to respond to a breach in a timely and effective manner will cost you, financially and reputationally, losses no company can afford. Learn more about the importance of a data breach response.