Developing a Data Breach Incident Response Plan

By Travelers Risk Control

Data breaches and theft are reported daily, and hackers continue to find ways to attack data, in spite of tools and strategies to tighten data security. Every business should plan for the unexpected, including a data breach that can hurt your brand, customer confidence, reputation and, ultimately, your business.

It is important to develop an incident response plan to help you detect an attack and have procedures in place to minimize or contain the damage. Your plan can begin with being aware of the data security regulations that affect your business and assessing your company's data security gaps.

Once you have your plan in place, test it often. Early detection of a breach is a key benefit of an effective incident response plan.

Be Prepared and Plan Ahead

  • Establish a response framework. An effective incident response plan contains a framework for action where key decisions are made ahead of time and do not have to be made under pressure.
  • Publish incident notification procedures. This information should be published for all personnel, including employees and contractors. It can also be part of new hire orientation and routine employee awareness activities.

What to Do if a Breach Occurs

  • Validate the data breach. Be sure to examine the initial incident information and available logs to confirm that a breach of sensitive data has occurred.
  • Manage the evidence. Carefully document all investigation and mitigation efforts. Any interviews with key personnel should also be documented. You should seek advice from your legal counsel on the approved methods for protecting digital evidence.
  • Assemble your incident team, and begin investigating the breach. Your response team should also continue to monitor the status of the breach.
  • Decide on effective outside help. Any decision to involve outside resources, including law enforcement, should be made by consulting with executive leadership and legal counsel.
  • Take action to mitigate the impact. Act quickly to reduce the impact as much as possible. You should work to identify and secure all affected data, machines, devices and systems, as well as isolate and preserve the compromised data. Be sure to change encryption keys and passwords immediately to prevent further access. Your network should be cleaned of malicious code, which may take a lot of resources depending on the size of the breach.
  • Notify data owners. If your customers' information is exposed, affected individuals should be notified as soon as possible and within the timeframes set by federal, state and local laws. Your public affairs or media relations staff, in conjunction with executive leadership and legal counsel, should word the notification in a straightforward and honest manner.
  • Conduct "lessons learned" and tests for continuous improvement. Your company should always hold a "lessons learned" meeting after the recovery phase to refine your data security program and breach response strategy.
