Connecting you to Insurance and Risk Management Resources About HUBSign-upSearch

Creating a Data Breach Response Plan

Make your organization more resilient with a data breach response plan road map.

Organizations of all sizes face a growing risk of data breach -- the unintentional release of sensitive information that could result in business interruption and losses as well as reputational and legal damages.

To become cyber resilient, advanced preparation is critical. Developing a data breach incident response plan can help minimize the risks, costs and impacts of a data breach.

After the Data Breach“Incident response plans should outline procedures to counter the loss or potential loss of data,” explained Hart Brown, senior vice president, Organizational Resilience, HUB International. “Whether the breach was due to a targeted cybercrime or from mismanaged documents and rogue employees, an effective breach response plan enables organizations to realize their responsibilities to the individuals and business partners who entrust the organization with personal information and intellectual property.”

Data Breach Response Plan Road Map

An incident report is the first step in your data breach response plan and should include: system or security event logs to help verify the event, a description of the event including what actions were taken, and a classification of the event’s cause (i.e. unauthorized disclosure, improper communication or theft). As the costs of a data breach are becoming more severe, and failure to quickly identify the scope of the incident can lead to higher response costs, use the incident report to determine what additional facts are needed to understand the full impact of the breach.

Next you’ll need to establish the Incident Response Team (IRT). The IRT should include a diverse, cross-functional group to mitigate cost in the aftermath of a data breach, including external third-party resources that specialize in data breach response services, and should include: legal specialists, IT forensic experts, public notification services, call center providers, credit monitoring services and public relations agencies.    

Now it’s time to contain the situation. Your IT team will need to plan for altering the configuration of the network to minimize the malicious activity including rerouting network traffic, filtering or blocking a distributed denial-of-service (DDoS) attack or isolating all or parts of the compromised network. The level of complexity further underscores the need for your cross-functional team to include IT experts from your organization.

Perhaps one of the most critical steps is to ensure that the crime scene isn’t disrupted so that key evidence isn’t lost. Be sure to to have a strategy for collecting evidence including the type of information that should be retained such as critical log files, as well as current and recently terminated employees who had access to the impacted systems.

And finally, think first before you act!  That mantra is critical to consider in the first moments after the breach when you establish a post-breach communications structure. Holding statements, incident notifications, internal FAQs, business associate letters, call center scripts, the press release, individual victim notifications and state and federal notifications are a few of the most important communication tools that should be drafted and ready to go with only specifics filled in at the last minute.

Cyber insurance breakdown

Another critical preventive measure to put in place to further minimize the damage of a potential cyber attack is to make sure your organization has the right cyber insurance coverage. Evaluate the following defined areas when determining the appropriate insurance coverage for crisis management expenses:

  • Network Security Liability covers third-party damages resulting from a failure to protect against destruction, deletion or corruption of a third party’s electronic data.
  • Privacy Liability covers third-party damages that result from the disclosure of confidential information collected or handled by you, or that is under your custody or control.
  • Electronic Media Content Liability covers personal injury and trademark/copyright claims that arise from the creation and dissemination of electronic content.
  • Regulatory Defense and Penalties covers costs arising from an alleged violation of privacy law caused by a security breach.
  • Network Extortion provides reimbursement for payments made under duress in response to an extortion threat.
  • Breach Event Expenses cover costs associated with privacy regulation compliance. This includes retaining a crisis management firm, outside counsel or forensics investigators.
  • Data Asset Protection covers recovery of costs and expenses that you may incur to restore, recreate or recollect your data and other intangible assets.

Minimize the impact

Data breach losses can add up quickly with too many out-of-pocket expenses. In addition to the financial impact of remediation, organizations will face operational disruption, customer backlash, lawsuits, fines and reputational losses. Having a data breach response plan as well as the right cyber insurance coverage can provide for a more comprehensive, compliant and efficient response while reducing the costs of an event and minimizing disruption.

For more information on how to best protect your organization, contact your HUB International risk consultant.