Why You Need a Data Breach Recovery Plan
by Bridget.Giacinto, on Nov 6, 2015 4:02:23 AM
Organizations have processes for everything from how to communicate with clients to how information is shared. However, a number of businesses are still unprepared for data breaches. This could be for a variety of reasons, including a limited budget, the feeling that it won't happen to you or simply not knowing where to start. Data breach recovery plans are absolutely essential, and there are a few reasons why you should develop one now:
1. Catastrophic consequences
Data breaches affect businesses on a number of levels, and sometimes the repercussions are too severe to come back from. According to research from the Ponemon Institute, the average total cost of a data breach is $3.8 million, with a cost of $154 per stolen or lost record. The price tag increases further as affected organizations hire experts to fix the issue, investigate the origin of the breach and establish monitoring for victims. These expenses make it significantly more difficult for small businesses to recover. But that's not where the consequences end. Data breaches also lead to lost business and massive reputation hits, which could cause the company to shut down for good.
2. Everyone's a target
Many organizations make the mistake of simply hoping that a breach won't happen - but it's only a matter of time until one strikes. Just within the past few years, we've witnessed massive breaches at enterprises like Target and Home Depot, among others, that have caused significant repercussions. A separate Ponemon study found that 43 percent of respondents experienced a data breach between 2013 and 2014, USA Today reported. To make matters worse, 27 percent didn't have a data breach response plan or team in place. Having an established strategy will help you survive the hit and quickly get your operations back to normal.
"Most organizations, and I'm only talking the sophisticated ones, have done a little, but it's not enough," industry expert Ted Julian told USA Today. "Breaches are now just a part of life, and yet when they happen too often companies pull out 'a dusty incident-response plan that hasn't been touched in two years.'"
3. Stay compliant
If you're in a highly regulated field, like health care or retail, you are probably familiar with the standards set by HIPAA, Sarbanes-Oxley and other legislation. As TechTarget contributor Kevin Beaver pointed out, these government and industry guidelines have requirements related to incident response, which encompass data breach response plans. In order to protect your data and stay compliant with these rules, you'll need to create a strategy that outlines who acts, and what, where, when and how, in the event of a data breach.
But the preparation doesn't just stop at making a document that details your plan - you must also actually test it out. You'll need to determine how long it will take to recover critical information, and what issues may occur during such an event. This will help develop your response plan and ensure that you are ready to act at a moment's notice.