Business Challenge – Just Who’s in Charge of Data Breach Response?
All businesses need a savvy IT department. Whether it’s one person or a consultant in a small business, or a dedicated team, businesses call on experts for the smooth operation of the organisation. Be it a minor inconvenience or a major upset, a business needs to know who to call in an emergency. However, when it comes to a data breach, is it appropriate to expect the IT department to be responsible for the organisation’s entire response plan?
With the help of research consultancy ComRes, Experian discovered how business leadership viewed data breach response plans.
Approaching half (44%) of organisations questioned believe that data breach readiness is the responsibility of the CEO, while 41% put the IT department at the helm in the event of disaster. Large businesses specifically place accountability with IT professionals in their organisations (50%).
This does beg a follow-up question, perhaps for our next research on the topic: Does the IT department know what that huge responsibility entails?
It’s worth reminding all parts of a business of the sheer size of the check-list that should be crossed off in the immediate aftermath of a data breach.
Immediate data breach response:
• Customer notification and communication (including readying a contact centre)
• Briefing of crisis and communications teams
• Readying of insurers and lawyers
• Forensic analysis
• Credit and web monitoring
Note that this is just in the first 24 hours.
While IT experts can be expected to help with the forensic analysis of what has actually happened, Experian’s research shows many aren’t aware they’re in charge of other frontline duties, such as contacting customers or briefing lawyers.
Not only are businesses in danger of losing customers if a data breach is not handled correctly, but there are also stringent legal requirements that need to be followed in the event of a breach. What’s more, our findings show that only 33% of companies currently have experts at the ready to respond to a data breach.
It’s for these reasons that Experian believes that C-level executives should, in fact, be the driving force behind data breach readiness, supported of course by a raft of teams and measures. Before and during a data breach there needs to be a clear, unequivocal leader – and everyone needs to know who that person is. Not only that, but they need to have a pre-planned response strategy and agenda at their fingertips, including the cleansing of customer data on a regular basis. The C-suite have the clout to make a plan the business will follow through in an emergency.
Without organised internal and third-party support, it is too colossal a task for any leader – whether at IT or C-level – to navigate clearly through the chaos of a data breach emergency. And with both financial and reputational damage on the line, that support is a vital strategic asset to have in place. Make a plan, set owners, and practise. The data breach response is one of those vital ‘hygiene’ items that pays for itself when you need it, many times over.
This was posted in Bdaily's Members' News section by Jim Steven.