In today’s world virtually all businesses are at risk of cyber-attacks, making prevention only half the battle. The other half is response to a breach. Businesses need to have plans in place for what to do when they believe information has been compromised. Data breach response plans are necessary to outline the actions a breached business must take to ensure minimal damage to their organization and customers. A plan that is easy to follow gives businesses time to garner the necessary resources to minimize the damage. A common component in many businesses’ cyber response plan is a well-structured Cyber Liability Insurance Policy,. However, coverage options vary widely so organizations must carefully examine their need before crafting a policy.
Assemble the Team
The first step is to determine who should be notified in the event of a breach. The team typically includes a representative from the following branches: executive, legal, information security, risk management, information technology, human resources, and public relations. Further, businesses should consider what exterior vendors should be notified of the breach, given the increased reliance on them. If the business does have Cyber Liability Coverage, the insurer should also be involved in the response plan.
Consider where Legal Obligations Exists
There are rules dictating when and how breach victims are to be notified. Generally timeframes are very strict. Understanding obligations to the victims in detail is necessary for the plan to be effectively implemented. The kind of data that the business is handling also factors into how the company should legally react, for example what regulatory agency or oversight group to contact.
Create the Action Steps
Action steps will be different for each industry and business. However, general guidelines typically include finding the cause of the breach, doing what is necessary to plug the leak, and then looking for solutions to the problem while notifying victims. Communication channels should be examined in order to identify who is responsible for initiating the response plan and who is responsible for involving third party vendors. This ensures that all involved parties are ready to go from the moment the breach is realized. A breach response plan should be a living document and should be tested using a scenario. In this experience glitches can be observed, solutions can be created, and the plan can be amended.