  • What An Incident Security Plan Could Mean For Your…

    By Vincent Naughton on October 20, 2014

    Welcome to the third blog in our Information Security series, which takes a look at the costs of security incidents. We look at developing a thorough incident response plan and keeping your competence intact throughout a breach of security.

    • Welcome to our third blog in this short series, which takes a look at the varying costs of security incidents, which depend on the strength of the response put into place. Well-documented research and evidence from reputable organisations such as Ponemon points to the all-in costs per record of a data breach/data loss incident – ranging up to €160 per record per incident – for organisations that don’t have a well-documented and rehearsed security incident response plan.
      Bringing Down The Cost
      Organisations that invest in well-developed and rehearsed security response plans prior to the loss or breach can potentially bring those costs down to an average of €13 per record breached or lost.
      So the range of costs for, say, a 20,000-record breach would be from €3.2M for a company with an immature incident response plan to €260,000 for an organisation with a mature incident response plan. Both sets of costs are significant; however, it is up to 20 times more expensive for the same scale of breach for organisations with an immature incident handling process.
      In Our Experience…
      Our experience of helping customers to respond to such incidents backs up this research. Responding to incidents where an organisation is not prepared is typically a car crash scenario. Unplanned reactions in a lot of cases aggravate the incident both at a technical and business level. How many clumsy media statements have we seen from organisations undergoing an incident?
      Anxious to respond to the media pressure of the initial incident, they later have to row back with press releases and customer communication details, confirming that they don’t know the basics of what, how, how many, who, when or for how long.
      Helpful Response Plans
      Helping organisations that have a thorough, documented, rehearsed and maintained incident response plan is different. The incident still happens, but the organisation goes through the phases of incident response in a structured and well-executed manner.
      People throughout the business understand their roles and responsibilities. Communication channels are clear. External agencies and suppliers are identified and notified. Legislative responsibility is understood. These organisations typically minimise their exposure time, minimise the likelihood of aggravating actions, minimise data loss and restore normal service and business faster.
      They also usually preserve or maintain digital evidence so the event can be investigated properly, and prosecutions (civil, criminal or other) can be brought successfully if required.
      Competence Intact
      Most importantly, despite a potentially damaging event, the organisation appears competent, thus reassuring its customers and partners, and stands a better chance of surviving the incident and improving its security processes in the future.
      Next Week…
      We talk you through what your Incident Response plan should include and how best to maintain it.
