The goal for every company hit by a data breach should be to recover quickly and fully. According to speakers during a recent Advisen webinar, extensive planning, leadership and the right breach response team are essential to achieving that goal.
Chad Hemenway, Advisen managing editor and panel moderator, cited the many recent high-profile data breaches and asked what lessons should be learned from the experiences of the affected companies.
“The success rate has certainly gone up for the criminals,” said Bo Holland, founder and CEO of AllClear ID, an identity theft protection and breach response firm. “And for companies, the consequences have never been higher.”
Download the webinar: Breach Response – Preparing for the Threat, Controlling the Chaos
Holland said that data breaches now carry with them the risk of loss of revenue and key executives. A breach response plan offers the chance to keep a bad situation from getting worse.
“You just cannot pull off a successful response at any kind of scale, at any kind of effectiveness, if you haven’t worked through this, if you don’t have a plan in place,” he said.
Chris Keegan, head of Beecher Carlson’s cyberliability practice, noted that with more of an impact at the board level, companies are more likely to have more individuals and groups involved in the planning process and understanding what needs to happen.
“Who needs to be included in this process to keep a bad situation from becoming worse?” asked Hemenway.
Melissa Ventrone, attorney with Wilson Elser, commented that all breach response teams should have a legal presence, but that both teams and plans should be flexible. Not all data breaches are the same and a one-size-fits-all plan won’t work for every event. Being able to prepare a plan that isn’t too rigid and test it – well before a breach occurs – is invaluable.
“I really don’t know if you can put a dollar value on that type of preparedness, but it’s incredibly important,” she said.
Matt Prevost of ACE said that his firm is seeing companies bringing more divisions into the breach response planning process, including the C-suite, public relations, IT and human resources. He noted that carriers are beginning to underwrite based on the awareness level throughout an organization and paying attention to third parties, such as vendors.
Having a well-thought-out plan ensures that organizations can respond to a breach to the satisfaction of customers, regulators and other affected businesses. The panelists asserted that effective planning could save a breach company money and their reputation.
“If companies can get on the right path in the first 72 hours, they really can have a positive outcome where their customers feel safe,” said Holland. “It really does a lot to reduce some of the really big expenses that can come along.”