Recovery and response expenses mount quickly when a data breach happens. The recently released 2016 Cost of Data Breach U.S. Study, sponsored by IBM and the Ponemon Research Institute, shows the average cost of a data breach by providing the average cost per breached record, by industry.
The growing list of costs to respond to a breach includes hiring a forensics investigator, hiring an attorney to assist with the data breach notification reporting requirements, providing notification and credit monitoring for affected customers, lost revenue and crisis management, just to name a few. Together these can create a staggering financial loss regardless of the size and type of company, organization or industry.
The 4 Mandatory “M” Requirements of Operating a Company in Today’s Interconnected World that Companies need to think about, address and plan for are:
1. Minimize and Know Your Company’s Cyber and Data Risks
2. Monitor your Company’s Risks 24/7
3. Mitigate your Company’s Cyber and Data Risks
4. Manage your Company’s Data Breach Response Plan
Minimize and Know Your Company’s Cyber and Data Risks:
What is the value of your company’s data and what are you doing to protect it? Has your company conducted a risk assessment? What type of data is the company collecting and storing? Regardless of your company’s industry, your company is vulnerable in some way to cyber and data risks. Even if your company does not have any sensitive data, it may have access to third-party data it is processing or accessing, which is why it is important that your company understands and addresses its vulnerabilities in order to minimize these risks. If we have learned anything from the plethora of data breaches that are behind us, it is that there is no guarantee your company will not have a data breach, but you can take steps today to minimize the damage of one when it happens. This is why it is crucial to plan ahead for its occurrence rather than leave it to chance and deal with it “when” it happens.
Monitor your Company’s Cyber and Data Risks 24/7:
Continuous monitoring of cyber and data risks is a 24/7 requirement of conducting and operating a business in today’s interconnected environment that never sleeps. A good starting point in creating your company’s monitoring plan and overall cyber and data security protocols is to print out the NIST Cybersecurity Framework. This invaluable resource can help your company with planning for and addressing “Identifying, Protecting, Detecting, Responding and Recovering” from an incident. The NIST CSF states, amongst other things, that your company should have processes in place to monitor for anomalies and events; security continuous monitoring; and detection.
Mitigate your Company’s Cyber and Data Risks:
When a data breach happens, how will (and can?) your company pay for it? Investing in cyber insurance coverage that matches and aligns with your company’s cyber and data risk profile is recommended. Coverage is available today for the costs associated with responding to a data breach, such as: the costs of hiring a computer forensics expert, mailing out notification letters and offering credit or identity theft monitoring to affected individuals, attorney defense costs for potential plaintiff lawsuits, regulatory fines and penalties, cyber extortion, business network interruption, crisis management and more. Please keep in mind that cyber insurance policies vary greatly by insurance carrier; therefore, coverages, policy conditions and exclusions should be examined carefully. This is why it is advisable that your company works with an experienced cyber insurance specialist broker, as brokers’ cyber insurance knowledge and experience are not all the same and vary greatly.
Manage your Company’s Data Breach Response Plan:
Having a data breach response plan in place before an incident happens is becoming today’s standard requirement of operating a business in an evolving, fast-paced, interconnected business environment. With an incident response plan in place beforehand, the company is prepared to manage and respond to the incident when a data breach happens and to minimize the damage of the aftermath. Being prepared before an incident happens goes a long way today in minimizing your company’s response costs, customer loss, liabilities and regulatory scrutiny.
Indeed, cyber insurance can help complement your company’s incident response plan, as most cyber insurance policies provide a team of experienced data breach response experts ready and waiting to help when you call.
Without an incident response plan in place, or a cyber insurance 24/7 data breach reporting hotline, who is your company going to call when a crisis happens?
For help with your company’s cyber insurance, please complete our cyber insurance quote request form or give us a call.