Every business, large or small, should consider the growing exposure to loss or theft of personally identifying information of customers or employees and be prepared to respond to an unfortunate event. Data security is one of the top risks that any organization faces.
Based on a Trend Micro-sponsored Ponemon Institute study, more than 78 percent of organizations have suffered at least one data breach over the past two years.
We discussed some basic steps that any organization can take to protect sensitive data and to control technology practices in our blog last year: Protect your business from data theft.
Early detection and response is crucial in mitigating the financial risk of a breach event. An effective incident response plan can help you detect an attack and outline procedures to minimize damage.
You may wish to purchase insurance to assist you with pre-breach preparations and with expenses involved in responding to and containing a loss of sensitive company information. When considering data breach expense coverage, look for a policy and company that provides you with:
- Ongoing breach preparation tools and services, providing you with templates for development of an incident response plan, current information about notification laws for your state and educational resources including data protection tips and an encryption guide
- Direct access to individuals who are trained to help you assess breach situations and guide you in your response to the event, helping you to mitigate the effects. They should be able to alert you to compliance issues, including laws and regulations that may affect your business
- Coverage for forensic analysis and legal review of the event to determine if there was a breach and what likely caused it
- A toll-free helpline for your customers, clients, members and employees whose personally identifiable information may have been exposed, to answer their questions about the breach and give them guidance
- Optional enrollment available to affected individuals for services that include a credit report and automatic monitoring of credit and public record activities, when Social Security or driver’s license numbers have been exposed
- Services of an identity restoration case manager for individuals who appear to have been the victim of identity theft as a result of the breach. This case manager helps the victim correct credit and other records and regain control of their personal identity
Ninety-seven percent of data breaches examined in the 2012 Verizon Data Breach Investigations study were avoidable through simple or intermediate controls. By taking steps ahead of time to protect your sensitive data, developing an incident response plan and purchasing insurance coverage to help you respond to a breach and mitigate damages, you are well on your way to managing a risk that can cost you time, money and your reputation.
Submitted by Tamala Whitaker at Cinfin.com