How to Respond to a Data Breach as a Business

Since data breaches are becoming more common, how you respond to one can go a long way in maintaining your business reputation and keeping you from losing the trust of your customers.

As with any crisis, a quick and decisive response is critical. But here’s the problem: most breaches go undetected for a long time. A 2016 report by FireEye found it took companies in the world an average of 146 days to detect a data breach. A separate report found 81 percent of data breaches aren’t detected until news reports, law enforcement notifications, or external fraud monitoring. The longer a breach goes undetected, the more harm it can do to your business.

If you are unfortunate enough to experience a data breach, here are some suggestions on how to respond:

Stay calm and take the time to investigate thoroughly. You might be tempted to quickly patch a hole so you can get your business back up and running, but this could leave you vulnerable to another breach.
Get a response plan in place before you turn the business switch back on.
Notify your customers and follow your state’s reporting laws. Not following through on this could subject you to penalties and further legal troubles.
Call in your security and forensic experts to identify and fix the problem.

Game Plan

Consider buying data breach insurance. Your policy should cover costs for:

Responding to a data breach, including forensic investigations.
Notifying affected customers.
Developing crisis management plans, along with PR and advertising campaigns to repair your image.
Legal defense and liability requirements, such as civic awards, settlements and judgments.

Develop a data breach response plan before you have a problem and test it periodically with some “what-if?” scenarios.

Read more about what each state requires for security breach notification.

How to Respond to a Data Breach

Game Plan

Need Business Insurance?

Related Articles