It should come as no surprise that an awful lot of organizations are ill-prepared for a cyber attack. Stories of high profile data breaches litter the news seemingly every day, often backed up with alarming statistics about the nature and frequency of cyberattacks in the digital era. For example, a recent IBM study found that healthcare is the most expensive industry for a data breach, standing at $6.45 million. Healthcare also spent the most amount of time in the data breach lifecycle, at 329 days. Finance and payment companies saw the largest drop in share performance following a breach compared with others.
However, it’s not all bad news. Recently, we have found that more organizations are investing in getting the fundamentals of cybersecurity right. Companies are increasingly focused on putting the right tools in place to protect against common threats. They are also following best practice guidelines for IT architecture and focusing more on user training, patching, and updating and upgrading equipment. Still, focusing on the fundamentals can only get you so far in a world where cyberattacks are now the third-largest threat to global society. Cybercriminals perfect and advance their techniques as we perfect and advance our protective measures. It’s a constant game of cat and mouse where we must continually strive to improve our practices.
One area where there are still considerable gaps is in the fallout of a breach. We found that even companies who excelled at implementing the fundamentals were still ill-equipped to handle a breach when it happened. With this in mind, we’ve compiled some critical considerations for companies looking to be better prepared for a breach. You can find a detailed checklist broken down by department or function at the end of the article that will help you put this advice into practice.
Support from Core Teams and Improving Operational Readiness
Core business teams like legal, PR and marketing, and corporate communications must be engaged in the process. It’s paramount that legal teams be well versed in cybersecurity issues and understand their role in preventing and responding to cybersecurity events. This means breaking down silos and ensuring that legal teams are notified of cybersecurity events and activities and are prepared to support your organization in the event of a breach.
Similarly, PR and Marketing teams must respond confidently and accurately to the press and broader public. The message must be balanced so that legal obligations are met and so that the message is controlled and rumors don’t run wild. For corporate communication teams, the message needs to be disseminated appropriately. All employees should understand if a breach has occurred but engaging the right teams with the correct information is also critical. Customer service teams need to know what to say to customers, so their information will be tailored to their role. The information given to your vendors will be different again.
Lastly, any changes you implement must be documented and widely distributed. There’s no use in your breach team having a communications plan if they haven’t documented it or engaged with the communications team or the wider business. Document your plans for breach events and then continually evaluate, update, and test them accordingly.
Forensics and Recovery
How quickly you detect and respond to an attack can significantly impact the financial and reputational harm caused by the attack. Put simply, the faster you recover, the more limited the impact. How you handle forensics can make the difference between a big or a small fine. You need to know what you need to produce during a breach, whether you have the level of forensics capabilities you need, or need help from a cyber forensics firm.
It’s a good idea to continually reevaluate and reassess your cyber insurance to see if it’s a good match for your company. Cyber insurance plans vary widely in coverage, and requirements for coverage also change frequently. You need to determine whether your plan meets your legal and regulatory standards and whether there are any stipulations you need to adhere to, such as only using specific security vendors in the event of a breach.
Please use this checklist, paying particular attention to the questions to see whether your company is well-prepared for a data breach.