Data breaches are steadily rising, and businesses across all industries are affected. Despite this, an Ernst and Young survey found that just 24% of Australian companies have a data breach response plan.
And of the businesses that do have a plan, less than half say it’s effective.
When a company suffers a data breach, its IT department faces tremendous pressure to rectify it quickly and accurately. However, there are numerous cases where companies have not only failed to prevent a data breach, but have also failed to mitigate its effects.
The Ponemon Cost of a Data Breach Study has revealed that despite an increase in cyber threats, company leaders are not actively involved in data breach preparedness and avoid responsibility for the effectiveness of their data breach preparedness plan.
This lack of involvement thwarts data breach preparedness. In the study, only 41% of companies are confident that they can effectively respond to a breach of confidential information and intellectual property. It also indicates that only 27% of the respondents are able to minimise the financial and reputational consequences of a material data breach.
52% of respondents had experienced a breach in the past two years, and 66% of respondents said their organisations suffered multiple breaches.
A data breach response plan consists of a framework that lays down the roles and responsibilities for managing an appropriate response to a data breach. It describes the steps to be taken in managing a breach. This includes:
This plan should be in writing and should be reviewed regularly to incorporate any necessary changes. Reviews can be planned to coincide with the introduction of new products and services or any changes in the information system or handling of personal information. You should test a data breach plan before a genuine incident by staging a hypothetical breach.
With the continued increase in cyber attacks, all companies should have a data breach response plan. A quick response substantially decreases the impact both to the company and to other stakeholders. The cost of a data breach is enormous, and implementing a data breach response plan will help in mitigating these costs. This plan will also ensure that you have effective privacy procedures and good privacy governance. A data breach response plan helps to:
A data breach response plan improves your organisation's ability to manage a data breach effectively. It also offers security to you and other stakeholders. This plan will help safeguard your reputation, retain your customers and prevent you from incurring financial losses associated with poor information security.