Why You Need a Cyber-Security Breach Response Plan

By Jim Ambrosini

Cyber-security breaches have become commonplace today. Breaches at high-profile companies such as Walmart and Target, not to mention the federal government, routinely make headlines.

In addition to eroding public confidence, a cyber-security breach can take a devastating financial and personal toll on a company and its brand. At Target, the CEO and CIO were ousted, and the company agreed to a $10 million settlement of a class-action lawsuit brought by affected customers. Target estimated that its breach-associated costs topped $148 million in the second quarter of 2014 (The New York Times, 8/5/14), and the company experienced related declines in both profits and customer satisfaction. 

Given the increasingly sophisticated methods used by hackers around the world, it may be impossible to prevent a cyber-security breach. However, the next best thing is to be fully prepared by having a comprehensive response plan that can be swiftly and effectively executed if a breach does occur.

Develop and Maintain a Breach Response Plan

Developing and maintaining a formal cyber-security breach response plan is extremely important: It creates confidence in a company’s ability to detect security breaches, respond to them in the appropriate manner and protect against further damage. A well-executed plan will send a message of confidence to both internal and external parties.

In fact, such a plan should play a critical role in maintaining business continuity and protecting brand reputation. It also should be viewed as a key component of the company’s overall enterprise risk-management and risk-mitigation program.

What are the key benefits of such a plan? It should protect a company’s critical assets and sensitive information, including confidential customer information, employee files, sales and product records, intellectual property and other critical data.

Once a breach has occurred, the ensuing chaos can make it impossible to create and effectively implement a response plan. Coordinating interrelated parties—such as IT, legal, law enforcement and customer service—and knowing who needs to be called in at what times are monumental tasks.

To effectively remediate the breach and restore the public’s confidence in the company, relevant information must be gathered and disseminated, tasks must be assigned to various parties, and those tasks must be implemented at the appropriate times. Although businesses without response plans can ultimately recover from a cyber-security breach, doing so is far more difficult than it is with a well-thought-out plan in place.

Create an Effective Breach Response Plan

As the Target episode showed, an ineffective or nonexistent response to a breach can erode customer and shareholder confidence and cause reputational and fiduciary risk. A company’s response should be quick and fully transparent. The cyber-security breach response plan must be carefully planned and action-oriented, and it should clearly define the roles and responsibilities of all stakeholders in executing the plan.

A cyber-security breach response plan will vary by company, by the types of assets it possesses (digital and otherwise), by its compliance requirements and by other factors. Nevertheless, the following guidelines will be useful in developing a plan.

Build a Multidimensional Response Team

The most effective response plans require input from—and coordination with—diverse organizational units. These can include representatives from a company’s legal, public relations, marketing, customer service, human resources, IT and executive management teams, as well as external insurance companies and, possibly, forensics firms and law enforcement agencies. The breach response team must understand how to work with all these parties to address breach remediation and communications.

As an initial step, members of the team should collect and review all current documentation related to incident response policies and procedures, and then review any current legislation that affects the company. Some members of the team will be the people who will be informed in the event of a breach, while others will hold critical roles in the process.

These groups will work together to create the plan, while obtaining buy-in from internal constituents. The plan should clearly define when and how each of these parties gets involved once a breach is detected.