The Importance of being prepared for a Data Breach

October 5, 2015

With data breaches making headlines every other day, it is more important now than ever to be prepared for a data breach. Research reports by the Ponemon Institute on data breach preparedness found that while a few companies are making valuable changes, many companies are deficient in governance and security practices. Effective preparedness includes: keeping the data breach response plan up to date, conducting risk assessments of areas vulnerable to a breach, continuously monitoring information systems to detect unusual and anomalous traffic, and investing in technologies that enable timely detection of a security breach.

In addition to helping a company prepare for a breach, the existence of a plan can reduce the overall cost of an incident. The 2014 Cost of Data Breach Study: United States reported that the average cost for each lost or stolen record was $201. However, if a company had a formal incident response plan in place prior to the incident, the average cost of a data breach was reduced by as much as $17 per record.

So where do you begin your Data Breach Preparedness Plan?

  • Begin by assigning a knowledgeable person to head a response team (CISO-Chief Information Security Officer, CO-Compliance Officer, Head of Business Continuity Management, Chief Information Officer, Chief Risk Officer, Head of PR and Communications, General Counsel, Chief Privacy Officer or Human Resources)
  • The response team should acquire skills such as IT security, legal, public relations and privacy
  • Talk to your insurance broker about adding a Data Breach or Cyber Insurance policy or adding an endorsement to your current liability coverage

What are the technical security considerations?

  • Risks created by end-users and mobile devices
  • Know what technologies are available to quickly detect a data breach

Prepare through Risk Assessments & Monitoring

  • Conduct risk assessments and monitor information systems for unusual or anomalous traffic
  • Consider drills, procedures and oversight that help make the data breach response plan more effective

Consider Retention of Customers after a data breach in your plan

  • Free identity theft protection and credit monitoring services
  • Designated call center to provide information and respond to customer concerns
  • Gift cards
  • Discounts on products or services
  • A sincere and personal apology (not a generic notification)

This is an overview of what to consider when creating a data breach preparedness plan. For more detail, see Creating a Data Breach Preparedness Plan.

The Armstrong Company Insurance Consultants (License #0440075)