How Digital Forensics Detectives Investigate a Data Breach

By Travelers Risk Control

If you suspect that your company’s data has been breached or compromised, you potentially face a number of time-sensitive and highly technical questions. As seasoned digital detectives in the cyber space, digital forensics teams can help companies piece together any evidence and understand the scope of a breach. The information they discover can help you protect your business and your customers now, and help prevent future breaches.

While many companies employ general-skill IT professionals, digital forensics is a highly specialized skill set, according to Eddie Chang, Second Vice President of Cyber Risk Management at Travelers. While IT teams can get companies back in business following a breach, IT team members are often not trained in forensic investigation techniques that can prevent data from being altered. Travelers enlists digital forensics firms to investigate data breaches for cyber insurance customers.

“It’s no different from any other crime scene,” Chang says. “The most critical step is preservation of the evidence. If you don’t obtain the evidence properly, everything else you do may be rendered invalid if the case goes to court.”

Questions that digital forensics can help answer include:

  • Did a breach really happen?
  • What is the size and business impact?
  • How did the attack occur?

A digital forensics team will examine the network and look for signs of a lingering attack, such as malware or unauthorized user accounts, or accounts with unauthorized privileges. The team can determine if an attack is still ongoing, and firm up the company’s defenses to halt continuing damage. Members of digital forensics teams who have worked with a variety of companies and breaches can bring with them more experience and insight than an in-house team with more limited external exposure might.

“Digital forensics teams can dig deep and turn around lessons learned that can help a company improve their network infrastructure and security,” says Chang.

Understanding Can Aid Recovery

Forensics professionals work closely with a company’s crisis communications team to provide the public and customers with up-to-date information about any private information that may have been compromised, and information on the steps being taken to help protect customers against future breaches.

Getting an accurate count of records that may have been breached is especially important for companies with data that includes private, protected client or customer information such as Personally Identifiable Information or Protected Health Information, which are subject to growing state and federal notification regulations.

These requirements add an extra level of complexity and cost to recovery efforts. The average cost per record in a data breach that contains sensitive or private information grew 8% from $201 to $217 in 2015. [1] If a company has 20,000 records compromised, that would amount to $4.3 million.

In the increasingly complicated landscape of data breaches, digital forensics is becoming one of the critical tools that companies can use to piece together clues about the size and scope of a data breach as they work to stem the damage, meet their legal and regulatory requirements and assure customers that they are taking steps to help prevent such a breach from happening in the future.

[1] Ponemon 2015 Cost of a Data Breach Study
