The best way to handle any emergency is to be prepared. When it comes to data breaches, incident response plans are the first step organizations take to prepare. Furthermore, many organizations are required to maintain one. For example, any organization that accepts payment cards is most likely contractually required to adopt an incident response plan.
The EU’s new General Data Protection Regulation (“GDPR”), set to go into effect May 2018, further enhances the importance of incident response plans. The GDPR is a regulation that applies to any business that processes the personal information of EU citizens. While the GDPR does not explicitly require that organizations have an incident response plan, it requires organizations to report data breaches within 72 hours of discovering them. Organizations that do not comply may be subject to heavy fines. Thus, having an incident response plan in place will likely be essential to an organization’s ability to comply with the GDPR’s notification obligation.
An organization with a fully functional incident response plan can significantly reduce the cost of a data breach by identifying, responding to, and containing the breach quickly. A good incident response plan does not attempt to predict every type of breach that may occur. Rather, the fundamental function of an incident response plan is to establish the framework for who within an organization is responsible for investigating a security incident, what resources that person has at their disposal (inside and outside of the organization), and when a situation should be elevated to others within the organization. It can also provide a reference guide for the type of actions common to most security investigations.
$19 per record
The amount per compromised record by which having an incident response team reduces the cost of a data breach.1
The amount by which, on average, breaches that take more than 30 days to contain cost more than those that take less than 30 days to contain.2
Percentage of companies that have an incident response plan that is applied consistently across the enterprise.3
What are an organization’s top concerns when it comes to incident response plans?
Checklist for drafting an effective incident response plan:
1. Ponemon Institute, 2017 Cost of Data Breach Study (June 2017), https://www.ponemon.org/library/2017-cost-of-data-breachstudy-united-states.
3. Ponemon Institute, The Second Annual Study on the Cyber Resilient Organization: Executive Summary 2 (Nov. 2016), http://info.resilientsystems.com/ponemon-institute-study-the-2016-cyber-resilient-organization.