In May’s Phish and Ships issue, Be Cyber Aware at Sea provides an insight into Ponemon’s 2018 Cost of Data Breach report, according to which the average data breach costs $3.8 million and the likelihood of a recurring breach in the next two years is 27.9%. Thus, itʼs no surprise that companies are making cybersecurity a priority. Criminals are targeting sensitive data and if your company canʼt keep it safe, you will almost certainly lose customers following a breach.
Akash Bharadia, a technology specialist in the Cyber & Tech division of AXIS Capital, a global provider of specialty lines insurance and treaty reinsurance and a Phish & Ships sponsor, provides an example of the consequences when a company gets breached.
Specifically, as he comments a company gets breached.
Do you know the notification laws in different jurisdictions?
Whoʼs going to assemble the various IT teams, stop the bleeding and define the priorities for getting everything back up and running?
What vendors do you need?
Whoʼs going to inform the police?
What about regulators?
Are reporters asking questions and how should you respond?
Thatʼs a lot of things to worry about whilst you are being hacked!
That’s the time when an incident response comes in plan. The response planning has two goals:
- Reducing damage;
- Reducing recovery time.
Yet, Mr Akash Bharadia recommends that prior to writing a response plan, one better conduct a thorough risk assessment of their organisation to understand where they might be vulnerable.
As Mr Bharadia proposes
Define the key individuals who need to be ‘on deck’ during a cyber incident. Document roles and responsibilities as well as contact information, ensure there is an emergency communications plan in place and donʼt rely on email addresses or desk phones as they may be taken offline during the breach.
If you have cyber insurance, familiarise yourself with what it offers and how to trigger the breach response services within the policy.
It is of a great importance for one to practice an incident response by using a variety of scenarios that are relevant to the company. Review and update it following each practice run until you are confident that it covers everything you need in the event of a breach. Store it in a few different locations, both physically and digitally, and ensure that everyone can access during an incident.
For more information on 2018 Cost of a Data Breach Study, you may click here.