Commentary: How to Prepare for a Cyber Breach

Summary


Cyber breaches, breaches of security in which proprietary data is stolen, are occurring with increasing frequency and increasing damage. The Identity Theft Resource Center in San Diego reported 656 data breaches in 2008, up from the 446 breaches recorded in 2007. The Ponemon Institute, a leading privacy and information management research firm based in Traverse City, Mich., has data demonstrating that the costs associated with cyber breaches are also on the rise. In December 2007, Ponemon released the findings of a comprehensive study which found that data breaches cost organizations an average of $197 per breached customer record and $6.3 million per breach incident. The study found that in addition to the costs associated with notifying customers whose data had been breached, as required by federal and state privacy laws, organizations whose data had been breached incurred an average of $4.1 million in lost business. This figure represents a 30 percent increase over the prior year. Let's also not forget the costs associated with potential lawsuits stemming from a cyber breach and the intangible costs associated with loss of customer confidence and damage to a company's reputation and brand.

While cyber breaches are an unfortunate fact of our computer-dependent society, being prepared for one can help mitigate the damage and related losses. Cyber breach policies, which are now offered by many major insurance carriers, should be a given. These policies vary in coverage but generally cover Internet media, system security and privacy liabilities, as well as the costs associated with customer notification programs, regulatory investigations, credit monitoring for breached customers and crisis management. Beyond having this coverage, the carriers themselves will say that the best defense to a cyber breach is a strong offense, which includes a training program to prepare an organization for a potential breach. Several carriers, in fact, are making this training a condition of their policies. A sound incident response training program should be implemented by all organizations, but especially purveyors of extensive personal data such as financial institutions and health care providers. Following are the steps involved in developing a data breach incident response training program.


Extract



1. Build the response team. The team, led by a data breach professional, should include a designated incident response manager, along with chie...


© Copyright 2012, vLex. All Rights Reserved.
