Cyber War Games Provides Key Lessons about How Companies Should Respond to a Data Breach
In an article in Dark Reading, Cyber War Games: Top 3 Lessons Learned About Incident Response, provides an overview of Deloitte Cyber Risk Service’s staging of executive war games to show what might happen in the C-Suite after a data breach. The point of the exercise is to "stress test" their incident response plans, and identify the strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.
Data Breach Response Plan
Mary Galligan, director of Deloitte & Touche LLP Cyber Risk Services, stressed: “Without that discipline, there might be no business to return to once the crisis has passed.” Here are some of the key takeaways:
Designate a Crisis Officer
You need someone to direct the data breach response and decisions. This might not necessarily be the CEO.
Be Skeptical About The Information You're Receiving on the Data Breach
Information and intelligence surrounding the breach will constantly be changing.
Resist Finger-Pointing in Any Direction at the Outset
It’s important to keep an objective position until all the facts are clear.
Other Data Breach Response lessons learned include:
You'll never have enough time
Even the most seasoned executives aren’t usually equipped to handle data breach incidents.
Bring in help to deal with the Data Breach
Identify the key areas of crisis where third-party assistance will be valuable.
Don't forget about your employees
While it’s important to keep the media, regulators, and customers in mind. You need to ensure clear communication with employees about the incident.
Don't just do this once
Practice makes perfect.
More on how to Prevent a Data Breach
If you want to get more information on how to prepare for a Data Breach the FTC provides a guide "DATA BREACH RESPONSE: A Guide for Business".
If you have any questions on how to have a plan in place to prevent a Data Breach feel free to contact us.