Breach response planning
David Legassick – Head of Life Sciences, Tech & Cyber
Sarah Bolger – Senior Claims Examiner
09 March 2018
Agenda
Why is a Breach response plan crucial to any organisation?
• Preparation:
o Understanding your exposure,
o Creating your plan,
o Building a team response.
• Stages of a Breach response:
o Detection and analysis,
o Investigation, containment and eradication,
o Impact assessment,
o Recovery,
o Notification and communication,
o Evaluation and improvement.
Video
https://www.youtube.com/watch?v=kCrV_hQ1W-Q
Why is Breach Response Plan Crucial?
“Many executives are declaring cyber as the risk that
will define our generation”
Dennis Chesley: Global Risk Consulting Leader, PwC
1. Expedite the recovery of business networks/systems
to enable the organisation to operate and earn revenue,
2. Reduce reputational damage,
3. Inform the individuals affected and reduce the impact
on them,
4. Comply with regulatory and legislative
requirements.
Why is a Breach Response Plan Important?
Legislation – penalties and notification:
• Current UK Data Protection Act – Max fine £500,000
• Current UK Data Protection Act – No general mandatory
breach notification to data subjects except for internet and
telecoms service providers.
Must advise the ICO if a breach is likely to impact data subjects.
• New EU GDPR – Max fine is the greater of 4% of
global turnover or €20,000,000.
• New EU GDPR – Mandatory Breach notification of
serious Breaches for all data controllers to both
data subjects & the ICO.
Developing a Data Breach Response Plan
• Understand your exposure
• Create plan and procedures
• Build the response team
• Test the plans
Understanding your Exposure
Clients should have in place a full Information Security
Management System including:
• Asset identification and classification,
• Risk assessment leading to appropriate protections,
both technological and human.
Create Plan and Procedures
The plan should include the following standard operating
procedures:
• Investigation and containment,
• Impact Assessment,
• Recovery,
• Notification/Communication,
• Evaluation.
Building a Response Team
The rapid response team should include:
• Information Technology (IT),
• Legal Counsel,
• Operational and executive management,
• Public relations,
• Risk management,
• Human Resources.
Test the Plans
At least annually, update the plans in line with any significant
changes in the business, including:
• Technology
• Activities
• Locations
The Stages of a Breach Response
“Tomorrow's battle is won during today's practice”
• Detection and analysis
• Investigate, contain & eradicate
• Impact assessment
• Recovery
• Notification and communication
• Evaluation and improvement
What Should Notification Include?
• An acknowledgement that an incident has occurred and
an apology,
• A description of how and when the Breach occurred,
• What data was involved,
• What you have already done to respond to the risks
posed by the Breach,
• The steps individuals can take to protect themselves
and also what you are willing to do to help them,
• A way in which they can contact you for
further information,
• How to contact you – a free phone number, email
address or a web page.
Evaluation
• Post incident review,
• Lessons learnt report,
• Best practice implementations.
Video
https://www.youtube.com/watch?v=r5k06MJeLDw
Summary
• Regular data asset audit and risk assessment,
• Implement an information security management system,
• Staff training,
• Breach detection,
• Develop a Breach response plan,
• Test the plans.