September 14, 2017

Build a better cyber breach policy – and stay out of court

When a cyber breach catches a company off guard, its leaders won’t just pay to pick up the pieces – they might face litigation over charges they didn’t do enough to prepare and protect their business.

Cybersecurity professionals have adjusted their defenses in the wake of WannaCry and subsequent breaches, but it’s not just a problem for IT to solve in a vacuum. Board members, officers, and directors need to be trained, too.

When business leaders review their cyber breach policy and undergo training in best practices, it sends a strong message to the rest of their employees. It also gives executives a strong defense in the courtroom if catastrophe strikes.

Stay lean and get involved

Employees from the top down need regular training on cybersecurity. The best safeguards in the industry won’t help much if they’re not correctly used. About 30 percent of data breaches come from negligent employees or contractors accidentally releasing sensitive data.

Cybersecurity policies need to be dynamic and broadly applicable to stand the test of time. What does that mean? For example, WannaCry grabbed international headlines, but executives shouldn’t build a policy that fixates on WannaCry-style attacks. Nor should executives try to account for every kind of theoretical data breach. That kind of thinking will produce a complex document that isn’t practical when employees need to act quickly.

The key is not to over-complicate the policy. It’s better to have a lean, agile response policy that is tested 100 times than a bloated document that tries to account for 100 contingencies.

The unexpected costs of cyber breaches

On its own, a security breach is costly enough: the repercussions of stolen data on employees or customers are self-evident. But not enough businesses consider the extra costs of a cyber breach until it is too late.

For example, a retailer hit by a cyber breach will suffer a break of trust with its customers and partners, which can hit hard in a competitive market. Then they’ll have to notify customers their information might have been compromised, which costs money. They’ll have to perform credit monitoring, which costs more money. There’s forensic investigation, potential fines, and other fees – and it adds up quickly. All told, the cost of a breach could range from $200 to $395 per transaction. Cybersecurity insurance can shield a business from these unexpected financial costs.

When it comes to cybersecurity for businesses, an ounce of prevention isn’t just worth a pound of cure. It could mean the difference between a swift response and minimized losses, and a business disintegrating under the weight of fines, fees, lost customers, and finger-pointing in the courtroom.
