Experian Data Breach Resolution Reveals Five Common Mistakes Made When Handling a Breach
In recognition of National Cyber Security Awareness Month, the list identifies missteps that may put organizations at greater risk for reputational, financial and legal damage.
COSTA MESA, Calif., Sept. 30, 2013 /PRNewswire/ — A data breach is an issue that can affect any organization and National Cyber Security Awareness Month is an opportune time for organizations to start to prepare for an incident or enhance their current response plan. With experience handling thousands of breaches, Experian Data Breach Resolution is observing the commemorative month by providing key insight into how to overcome common mistakes companies experience when handling a data breach.
“While there has been great progress among businesses and institutions in data breach prevention, breaches can still occur and it’s important to execute the right steps after an incident,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Being properly prepared doesn’t stop with having a response plan. Organizations need to practice the plan and ensure it will result in smooth execution that mitigates the negative consequences of a data breach.”
Those possible outcomes can include a loss of customers, regulatory fines and class-action lawsuits. Studies show that a majority of organizations had or expect to have a data breach that results in the loss of customers and business partners, and more than 65 percent of companies have or believe they will suffer serious financial consequences as a result of an incident. Among companies that had breaches, the average cost reported of incidents was $9.4 million in the last 24 months. These costs are only a fraction of the average maximum financial exposure of $163 million that the companies surveyed (breached or not) believe they could suffer due to cyber incidents.
Experian Data Breach Resolution will present on this topic at The International Association of Privacy Professionals (IAPP) Privacy Academy held in Bellevue, Seattle, on Oct. 1 at the conference session titled, “Managing the Top Five Complications in Resolving a Data Breach.” Those not in attendance can view the presentation through a live stream at http://www.ustream.tv/experiandbr and pose questions to the panelists in real time via Twitter using the hashtags #databreach and #iapp.
According to Bruemmer, three of the most common mistakes include:
-- No engagement with outside counsel -- Enlisting an outside attorney is highly recommended. No single federal law or regulation governs the security of all types of sensitive personal information. As a result, determining which federal law, regulation or guidance is applicable depends, in part, on the entity or sector that collected the information and the type of information collected and regulated. Unless internal resources are knowledgeable with all current laws and legislations, it is best to engage legal counsel with expertise in data breaches to help navigate through this challenging landscape.
-- No external agencies secured -- All external partners should be in place prior to a data breach so they can be called upon immediately when a breach occurs. The process of selecting the right partner can take time as there are different levels of service and various solutions to consider. Plus, it is important to think about the integrity and security standards of a vendor before aligning the company brand with it. Not having a forensic expert or resolution agency already identified will delay the data breach response process.
-- No single decision maker -- While there are several parties within an organization that should be on a data breach response team, every team needs a leader. Determine who will be the driver of the response plan and primary contact to all external partners. Also, outline a structure of internal reporting to ensure executives and everyone on the response team is up to date and on track during a data breach.
Depending on the industry, additional oversights may involve securing proper cyber insurance and following the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). The complete list and tips to overcome these issues will be addressed by Bruemmer at the IAPP Privacy Academy presentation. For the Experian Data Breach Resolution schedule of presentations, visit http://www.experian.com/data-breach/events.html.
Additional data breach resources, including Webinars, white papers and videos, can be found at http://www.experian.com/databreach.
Read Experian’s blog at http://www.experian.com/dbblog.
About Experian Data Breach Resolution
Experian(®) is a leader in the data breach resolution industry and one of the first companies to develop products and services that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on the Experian Data Breach Resolution division at ConsumerInfo.com, Inc. and how it enables organizations to plan for and successfully mitigate data breach incidents, visit http://www.experian.com/databreach.
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2013 was US$4.7 billion. Experian employs approximately 17,000 people in 40 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and Sao Paulo, Brazil.
For more information, visit http://www.experianplc.com.
Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.
 Experian Data Breach Resolution and Ponemon Institute study, Is Your Company Ready for a Big Data Breach? 2013
 Experian Data Breach Resolution and Ponemon Institute study, Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age 2013
SOURCE Experian Data Breach Resolution