Many savvy organisations are investing time and thought into data breach response plans.
But plans rarely survive first contact with the enemy. That is why it's important to stress test your incident response plan to identify weaknesses while time is on your side.
Studies show that a swift response to a security incident retains customer trust and saves costs. Breaches contained within 30 days of discovery cost an average of £2.15m, according to the Ponemon Institute. If it takes more than 30 days to contain the breach, the average cost increases to £2.89m.
But speed can't be mandated by the plan. For this reason, plans should be stress tested on a semi-annual or annual basis, as if you were experiencing an active data breach.
Here are three recommendations to make the most of your stress testing exercises.
Focus on the most likely scenarios
You're more likely to encounter ransomware via a phishing email than a dedicated nation-state penetrating your firewall. As such, focus your stress test on the scenarios that are most likely and threaten the worst potential consequences.
By the time you work your way down to less likely and less costly threats, you'll already have covered the common elements of your response. Knowing how to adapt your plan to a specific threat is an expertise unto itself, one that won't emerge naturally in the planning phase.
Make it more than a technical exercise
By the time Target alerted its customers about its historic breach in December 2013, several days had already passed. The delay damaged consumer faith and the retailer's bottom line, and was a consequence of Target's leadership treating the breach as a purely technical issue.
Non-technical staff, such as legal, public relations and human resources, should participate in stress-test activities, too. Try to strike a balance between internal staff, who may be more familiar with the company, and external specialists, who have expertise and can take on extra work.
Apply lessons learned
The true benefit of a stress test is the analysis following the experience. The whole point is to make improvements to your plan by responding to what went wrong and reinforcing what went right.
Your breach response plan should include time for the incident response team to reflect and discuss the exercise. Additionally, ensure that any of the team's recommendations are reviewed and implemented within a specified timeframe.
The benefits of organising and testing your incident response plan could far outweigh the costs. Factor in the peace of mind your C-suite and response team will gain when they feel confident in their plan, and we believe you'll arrive at a compelling argument to place stress tests near the top of your to-do list.