Not Having a Plan
To a large extent, how well you report and disclose a breach depends on how well you have planned for it in advance. Make sure the response plan cuts across functions and includes members from marketing, communications, and legal, says Tim Erlin, vice president of product management and strategy at Tripwire. "The worst time to figure out how to respond to a breach is while it's happening," he says. "Make decisions ahead of time, not in the heat of the moment.
The plan should include who will release breach information, what information will be released, and when. "If you don't do it correctly, not only can you have extra damage to your brand, but you increase your likelihood of being sued, which drives up the cost of the breach," says Laura Lee, executive vice president of rapid prototyping at Circadence.
Image Source: Shutterstock