Cybersecurity Incident Response: Planning is just the beginning

By now, most senior-level executives have heard that either you have had a data breach or you just don’t know that you’ve had a data breach. Cyberattacks are now as much a part of doing business as taxes and financial statements, and they are getting expensive. According to the 2015 U.S. Cost of a Data Breach Studyby the Ponemon Institute, last year there was an 11% increase in the total cost of a data breach, to a $217 average per lost or stolen record. To be sure, those numbers are based on estimated costs of actual data loss incidents, not hypotheticals.
Today’s organizations face a sobering reality. The question is no longer whether we will be breached but when we will be breached. Cybersecurity is a C-suite and board-level issue requiring a comprehensive risk management strategy, intelligent investment and integration across the organization.
In an effort to support senior financial executives in their cybersecurity incident planning and response, this report’s findings are based on in-depth interviews, conducted between August and September 2015, with 10 subject matter experts of various specializations, including legal, PR and communications, insurance, and IT security. The interviewees provided their perspectives on cyberrisk management strategies and best practices in cyberbreach response.