In recognition of National Cyber Security Awareness Month, the list identifies missteps that may put organizations at greater risk for reputational, financial, and legal damage

October 1, 2013

4 Min Read


COSTA MESA, Calif., Sept. 30, 2013 /PRNewswire/ -- A data breach is an issue that can affect any organization and National Cyber Security Awareness Month is an opportune time for organizations to start to prepare for an incident or enhance their current response plan. With experience handling thousands of breaches, Experian Data Breach Resolution is observing the commemorative month by providing key insight into how to overcome common mistakes companies experience when handling a data breach.

"While there has been great progress among businesses and institutions in data breach prevention, breaches can still occur and it's important to execute the right steps after an incident," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Being properly prepared doesn't stop with having a response plan. Organizations need to practice the plan and ensure it will result in smooth execution that mitigates the negative consequences of a data breach."

Those possible outcomes can include a loss of customers, regulatory fines and class-action lawsuits. Studies show that a majority of organizations had or expect to have a data breach that results in the loss of customers and business partners, and more than 65% of companies have or believe they will suffer serious financial consequences as a result of an incident[1]. Among companies that had breaches, the average cost reported of incidents was $9.4 million in the last 24 months. These costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed (breached or not) believe they could suffer due to cyber incidents[2].

Experian Data Breach Resolution will present on this topic at The International Association of Privacy Professionals (IAPP) Privacy Academy held in Bellevue, Seattle, on Oct. 1 at the conference session titled, "Managing the Top Five Complications in Resolving a Data Breach." Those not in attendance can view the presentation through a live stream at and pose questions to the panelists in real time via Twitter using the hashtags #databreach and #iapp.

According to Bruemmer, three of the most common mistakes include:

-- No engagement with outside counsel -- Enlisting an outside attorney is

highly recommended. No single federal law or regulation governs the

security of all types of sensitive personal information. As a result,

determining which federal law, regulation or guidance is applicable

depends, in part, on the entity or sector that collected the information

and the type of information collected and regulated. Unless internal

resources are knowledgeable with all current laws and legislations, it

is best to engage legal counsel with expertise in data breaches to help

navigate through this challenging landscape.

-- No external agencies secured -- All external partners should be in place

prior to a data breach so they can be called upon immediately when a

breach occurs. The process of selecting the right partner can take time

as there are different levels of service and various solutions to

consider. Plus, it is important to think about the integrity and

security standards of a vendor before aligning the company brand with

it. Not having a forensic expert or resolution agency already identified

will delay the data breach response process.

-- No single decision maker -- While there are several parties within an

organization that should be on a data breach response team, every team

needs a leader. Determine who will be the driver of the response plan

and primary contact to all external partners. Also, outline a structure

of internal reporting to ensure executives and everyone on the response

team is up to date and on track during a data breach.

Depending on the industry, additional oversights may involve securing proper cyber insurance and following the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). The complete list and tips to overcome these issues will be addressed by Bruemmer at the IAPP Privacy Academy presentation.

For the Experian Data Breach Resolution schedule of presentations, visit

Additional data breach resources, including Webinars, white papers and videos, can be found at

Read Experian's blog at

About Experian Data Breach Resolution

Experian® is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit

About Experian

Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2013 was

US$4.7 billion. Experian employs approximately 17,000 people in 40 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and Sao Paulo, Brazil.

For more information, visit

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights