
How businesses should prepare for a data breach


The Covid-19 pandemic has forever changed the business landscape. From how customers now expect to interact with companies in a seamless, digital journey to how best to confirm the identity of both new and existing customers, businesses now face a completely new set of operational challenges, which have accelerated rapidly since the pandemic began.

This change also brings new dangers and threats. Cyber criminals are using this opportunity to target businesses by attempting to access personal information of their customers and employees. The threat is significant - a recent government survey found that 39% of UK businesses reported having cyber security breaches or attacks in the last 12 months alone.

There are steps that can be taken, and a strong, robust data breach response plan is crucial. However, the longer a business takes to respond to a breach, the more challenging it becomes for it to maintain its reputation and the trust of its customers.

Here are five factors to consider when developing a response plan, ensuring businesses are in a strong position to respond confidently and effectively if they become a victim of a data breach.

1. Be prepared

Financial services have long been the prime target for cyber criminals, but today firms in any sector and of any size are vulnerable – especially with the rapid acceleration of e-commerce and online transactions.

Being prepared means you have the resources to respond quickly and to notify all relevant parties if a breach is discovered, but a response such as this is only possible with extensive forward planning.

Consumer research from Experian found 90% of people would be more forgiving of companies that had a response plan in place, while nearly 70% said they would stop doing business with a company that had a poor response – a strong indication of the importance of having a plan in place.

2. Create a plan

Businesses need to consider the type of data they hold and identify where potential attacks may occur.

The plan should set out how to investigate and resolve any breach, how to notify customers and any relevant authorities, and how to communicate with the wider public too. Preparing these materials and communications in advance will help deploy them quickly. The plan also needs to consider what resources will be required to contact potentially thousands of customers.

3. Build a response team

It’s vital to assemble a data breach response team well in advance, so the breach can be dealt with as efficiently as possible. This team should include, but may not be confined to, the following:

  • Incident lead – determines when a full response should be activated, coordinates the overall response, acts as intermediary between team members.
  • Customer Care – assists in developing and delivering phone scripts and notifications, logs call volumes, provides dedicated call centre and email response.
  • C-Suite – engages in planning and implementation, maintains communications with directors, stakeholders and investors.
  • IT – identifies security risks, trains personnel in data breach response, works with partners to identify compromised data and eliminate hacker tools.
  • PR/Communications – determines notification and crisis-management tactics, develops customer communications, tracks media coverage and responds appropriately.

Businesses should also identify relevant external partners, which could include legal, forensics, and data breach response specialists, as well as key influencers, regulators and insurers.

4. Practice and refine

Once a plan is established, businesses should conduct department-specific training and practise its implementation.

Everyone needs to understand their responsibilities, both in preparing for and responding to a breach. Only by practising repeatedly can you identify potential weaknesses and gaps in your resources. We recommend conducting simulation drills every six months, involving the entire data breach response team and external partners, covering multiple possible scenarios.

5. The first 24 hours

Acting decisively within 24 hours of any breach is key to regaining your security, preserving vital evidence and protecting customers. As soon as a breach is identified, initiate the plan and mobilise the team. It’s essential to collect and record all the information about the data breach, including all communications with regulatory bodies and legal professionals.

Put customers first

Customers are at the heart of everything a business does in response to a data breach. Any response plan needs to ensure that the business is ready to notify them quickly and sensitively about any incident. Tell them what’s happened and what actions you are taking - that is crucial in minimising distress, providing reassurance and, at the same time, protecting the business’s reputation.

 

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
