"While there has been great progress among businesses and institutions in data breach prevention, breaches can still occur and it's important to execute the right steps after an incident," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Being properly prepared doesn't stop with having a response plan. Organizations need to practice the plan and ensure it will result in smooth execution that mitigates the negative consequences of a data breach."
Those possible outcomes can include a loss of customers, regulatory fines and class-action lawsuits. Studies show that a majority of organizations had or expect to have a data breach that results in the loss of customers and business partners, and more than 65% of companies have or believe they will suffer serious financial consequences as a result of an incident. Among companies that had breaches, the average cost reported of incidents was $9.4 million in the last 24 months. These costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed (breached or not) believe they could suffer due to cyber incidents.
Experian Data Breach Resolution will present on this topic at The International Association of Privacy Professionals (IAPP) Privacy Academy held in Bellevue, Seattle, on Oct. 1 at the conference session titled, "Managing the Top Five Complications in Resolving a Data Breach." Those not in attendance can view the presentation through a live stream at http://www.ustream.tv/experiandbr and pose questions to the panelists in real time via Twitter using the hashtags #databreach and #iapp.
According to Bruemmer, three of the most common mistakes include:
-- No engagement with outside counsel -- Enlisting an outside attorney is
highly recommended. No single federal law or regulation governs the
security of all types of sensitive personal information. As a result,
determining which federal law, regulation or guidance is applicable
depends, in part, on the entity or sector that collected the information
and the type of information collected and regulated. Unless internal
resources are knowledgeable with all current laws and legislations, it
is best to engage legal counsel with expertise in data breaches to help
navigate through this challenging landscape.
-- No external agencies secured -- All external partners should be in place
prior to a data breach so they can be called upon immediately when a
breach occurs. The process of selecting the right partner can take time
as there are different levels of service and various solutions to
consider. Plus, it is important to think about the integrity and
security standards of a vendor before aligning the company brand with
it. Not having a forensic expert or resolution agency already identified
will delay the data breach response process.
-- No single decision maker -- While there are several parties within an
organization that should be on a data breach response team, every team
needs a leader. Determine who will be the driver of the response plan
and primary contact to all external partners. Also, outline a structure
of internal reporting to ensure executives and everyone on the response
team is up to date and on track during a data breach.
Depending on the industry, additional oversights may involve securing proper cyber insurance and following the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). The complete list and tips to overcome these issues will be addressed by Bruemmer at the IAPP Privacy Academy presentation.
For the Experian Data Breach Resolution schedule of presentations, visit http://www.experian.com/data-breach/events.html.
Additional data breach resources, including Webinars, white papers and videos, can be found at http://www.experian.com/databreach.
Read Experian's blog at http://www.experian.com/dbblog.
About Experian Data Breach Resolution
Experian® is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2013 was
US$4.7 billion. Experian employs approximately 17,000 people in 40 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and Sao Paulo, Brazil.
For more information, visit http://www.experianplc.com.