Make your organization more resilient with a data breach response plan road map.
Organizations of all sizes face a growing risk of data breach -- the unintentional release of sensitive information that could result in business interruption and losses as well as reputational and legal damages.
To become cyber resilient, advance preparation is critical. Developing a data breach incident response plan can help minimize the risks, costs and impacts of a data breach.
“Incident response plans should outline procedures to counter the loss or potential loss of data,” explained Hart Brown, senior vice president, Organizational Resilience, HUB International. “Whether the breach was due to a targeted cybercrime or from mismanaged documents and rogue employees, an effective breach response plan enables organizations to realize their responsibilities to the individuals and business partners who entrust the organization with personal information and intellectual property.”
Data Breach Response Plan Road Map
An incident report is the first step in your data breach response plan and should include: system or security event logs to help verify the event, a description of the event including what actions were taken, and a classification of the event’s cause (i.e. unauthorized disclosure, improper communication or theft). The costs of a data breach are becoming more severe, and failure to quickly identify the scope of the incident can lead to higher response costs, so use the incident report to determine what additional facts are needed to understand the full impact of the breach.
Next you’ll need to establish the Incident Response Team (IRT). The IRT should be a diverse, cross-functional group, including external third-party resources that specialize in data breach response services, to mitigate cost in the aftermath of a data breach. It should include: legal specialists, IT forensic experts, public notification services, call center providers, credit monitoring services and public relations agencies.
Now it’s time to contain the situation. Your IT team will need to plan for altering the configuration of the network to minimize the malicious activity, including rerouting network traffic, filtering or blocking a distributed denial-of-service (DDoS) attack or isolating all or parts of the compromised network. The level of complexity further underscores the need for your cross-functional team to include IT experts from your organization.
Perhaps one of the most critical steps is to ensure that the crime scene isn’t disrupted so that key evidence isn’t lost. Be sure to have a strategy for collecting evidence, including the type of information that should be retained, such as critical log files, as well as the current and recently terminated employees who had access to the impacted systems.
And finally, think first before you act! That mantra is critical to consider in the first moments after the breach when you establish a post-breach communications structure. Holding statements, incident notifications, internal FAQs, business associate letters, call center scripts, the press release, individual victim notifications and state and federal notifications are a few of the most important communication tools that should be drafted and ready to go with only specifics filled in at the last minute.
Cyber insurance breakdown
Another critical preventive measure to put in place to further minimize the damage of a potential cyber attack is to make sure your organization has the right cyber insurance coverage. Evaluate the following defined areas when determining the appropriate insurance coverage for crisis management expenses:
- Network Security Liability covers third-party damages resulting from a failure to protect against destruction, deletion or corruption of a third party’s electronic data.
- Privacy Liability covers third-party damages that result from the disclosure of confidential information collected or handled by you, or that is under your custody or control.
- Electronic Media Content Liability covers personal injury and trademark/copyright claims that arise from the creation and dissemination of electronic content.
- Regulatory Defense and Penalties covers costs arising from an alleged violation of privacy law caused by a security breach.
- Network Extortion provides reimbursement for payments made under duress in response to an extortion threat.
- Breach Event Expenses cover costs associated with privacy regulation compliance. This includes retaining a crisis management firm, outside counsel or forensics investigators.
- Data Asset Protection covers recovery of costs and expenses that you may incur to restore, recreate or recollect your data and other intangible assets.
Minimize the impact
Data breach losses can add up quickly with too many out-of-pocket expenses. In addition to the financial impact of remediation, organizations will face operational disruption, customer backlash, lawsuits, fines and reputational losses. Having a data breach response plan as well as the right cyber insurance coverage can provide for a more comprehensive, compliant and efficient response while reducing the costs of an event and minimizing disruption.
For more information on how to best protect your organization, contact your HUB International risk consultant.