Many savvy organisations are investing time and thought into data breach response plans.
But plans rarely survive first contact with the enemy. That is why it's important to stress test your incident response plan to identify weaknesses while time is on your side.
Studies show that a swift response to a security incident retains customer trust-and saves costs. Breaches contained within 30 days of discovery cost an average of £2.15m, according to the Ponemon Institute. If it takes more than 30 days to contain the breach, the average cost increases to £2.89m.
But speed can't be mandated by the plan. For this reason, plans should be stress tested on a semi-annual or annual basis, as if you were experiencing an active data breach.
Here are three recommendations to make the most of your stress testing exercises.
Focus on the most likely scenarios
You're more likely to encounter ransomware via a phishing email than a dedicated nation-state penetrating your firewall. As such, focus your stress test on the scenarios that are most likely and threaten the worst potential consequences.
By the time you work your way down to less-likely and less-costly threats, you'll already have covered the common elements of your response. Knowing how to adapt your plan to a specific threat is an expertise unto itself; one that won't emerge naturally in the planning phase.
Make it more than a technical exercise
By the time Target alerted its customers about its historic breach in December 2013, several days already had passed. The delay impacted consumer faith and the retailer's bottom line, and was a consequence of Target's leadership treating the breach as a purely technical issue.
Non-technical staff, such as legal, public relations and human resources, should participate in stress-test activities, too. Try to strike a balance between internal staff, who may be more familiar with the company, and external specialists, who have expertise and can take on extra work.
Apply lessons learned
The true benefit of a stress test is the analysis following the experience. The whole point is to make improvements to your plan by responding to what went wrong and reinforcing what went right.
Your breach response plan should include time for the incident response team to reflect and discuss the exercise. Additionally, ensure that any of the team's recommendations are reviewed and implemented within a specified timeframe.
The benefits of organising and testing your incident response plan could far outweigh the costs. Factor in the peace of mind your C-suite and response team will gain when they feel confident in their plan, and we believe you'll arrive at a compelling argument to place stress tests near the top of your to-do list.
- Cost of motor claims hits highest ever level
- Aviva hires LV and Zurich bosses in commercial growth plan
- Ombudsman launches review following undercover investigation
- Loss adjusting and insurtech gains fail to stem Charles Taylor profit decline at full year
- MCE to pull out of Ireland following ‘incredibly disappointing’ loss of passporting
- Munich Re to cut 900 jobs as reinsurer targets profits surge in 2018
- NMU to close Letchworth office in restructure