Data Breach Response Planning 101
Don’t think in terms of “if” you’ll suffer a data breach, but rather, “when.” Once you establish this mindset, it’s time for you to develop a response plan. After all, a security system that’s impenetrable has yet to be invented.
What’s even more, an amazing number of businesses don’t even have the best security system available. So again, the data breach is a “when,” not an “if.”
For starters, a response plan should include as much information about the incident as possible, remaining transparent (consult your legal team about the types of information that should and should not be disclosed) and being aggressive at managing the circumstances.
Another area to consider when developing a response plan is how the data breach will impact customers and clients—namely, their trust in the company. The Ponemon Institute states that much of the damage from a data breach stems from the loss of customer trust in the company.
Though the average number of customers who vanish following a data breach came in at 4 percent, says the study, there are enterprises that see an average “customer churn” rate of 7 percent. While it may seem small, it will undoubtedly be noticeable when it comes to the bottom line, , and the healthcare and pharmaceutical industries are just the type to suffer this degree of loss.
So how can a company prepare to retain as many customers as possible following a data breach? Be prepared, and this preparation should include a way to stay level-headed.
One way to stay cool and collected is to avoid jumping the gun when the breach occurs, because if the business is too hasty at revealing the breach, the organization will have that much less time to respond in an efficient, optimal matter. Thus, take the time to consult with experts and gather all of the facts before reacting.
Robert Siciliano is an Identity Theft Expert to AllClear ID. He is the author of99 Things You Wish You Knew Before Your Identity Was Stolen See him knock’em dead in this identity theft prevention video. Disclosures.