It's Important to Have a Data Security Response Plan
In conjunction with Enterprise Risk Management (ERM) assessments, we’ve noted that Disaster Recovery Plans frequently focus on getting critical support operations and systems back online and do not include appropriately detailed plans to manage a data security incident. Good ERM recognizes that data breaches commonly involve financial information like credit card or bank account details, protected health information (PHI), personally identifiable information (PII), trade secrets, or intellectual property.
When a data security breach or incident is discovered, the systems have likely been compromised for some time. According to the “IBM Cost of a Data Breach Report 2023,” the overall mean time to identify and contain a security breach is 277 days or just over nine months. While this figure has remained relatively consistent over the past few years, IBM reported the average cost of a data breach reached an all-time high in 2023 of $4.45 million. This represents a 2.3% increase from the 2022 cost of $4.35 million. This is a continuing trend; the 2023 average cost has increased 15.3% from the average cost of $3.86 million cited in the 2020 report.
Compromised companies need to respond quickly to minimize damage. The impact of an incident or breach on a company can include reputational damage, misuse or sale of intellectual property and confidential data, operational downtime and disruption, and lawsuits and fines. Customers, clients, business partners and other third parties may also be impacted. Share prices of breached companies hit a low point approximately 14 market days following a breach. Share prices fall 7.27% on average and underperform the NASDAQ by 4.18%.
Cybersecurity experts continually advise clients that it is a question of “when, not if” a company will face a cybersecurity incident. What’s more, according to DataBreaches.net, hackers are getting increasingly creative by weaponizing new SEC disclosure requirements: they report companies to the SEC as a tactic to pressure them to pay the ransom as soon as possible. It is therefore exceedingly important for organizations to have a Cybersecurity Incident Response Plan that details the procedure to follow when a cyber incident or breach is suspected. In addition, the movement to real-time payments exacerbates the financial and reputational impact of cyber incidents and requires a swift response.
If you’d like a copy of our Data Security Response Plan Guide or want to have a confidential conversation about ERM and our Fractional CRO services, just click the following link.
Contact Us - The Tomorrow Group LLC