Do You Need a Data Breach Coach?
Most organizations need a data breach coach when they experience a cybersecurity failure. Unless your organization has IT and legal experts with data breach expertise on staff and can answer the following questions in the affirmative, you will probably need one too:
- Does your organization have an attorney with years of experience managing cybersecurity incidents?
- Who in your organization knows the right incident response vendor to call, whether the incident involves ransomware, a stolen laptop or a massive database hosted in the cloud?
- Who is familiar with the laws – foreign and domestic, federal and state – that impose data breach notification requirements?
- Who is skilled at working with regulators to minimize potential exposure to regulatory fines and penalties?
If not, you should probably call a data breach coach when a cyber incident occurs.
A data breach coach can help guide you when your organization has had a data incident. When you consider the growing number of data breaches that are happening, the value of a data breach coach becomes evident. Data breaches have reached an all-time high, through a startling combination of cybercrime and employee negligence or errors. The number of data breaches in the United States continues to grow, and in 2017 alone more than 178 million records were exposed.[1]
While the aftermath of a data breach can be a massive headache for business stakeholders and their customers, the financial repercussions can be downright devastating. The average total cost of a data breach in the U.S. has risen to over $7 million, according to the latest Ponemon Institute study.[2]
So what can you do to help ensure your business is taking the necessary steps to minimize the risk of a data breach, and to help your organization recover quickly after a cyber incident? That's where a data breach coach comes in. We sat down with a data breach coach to find out how organizations like yours can benefit from their services.
What does a data breach coach do?
A data breach coach is an attorney who specializes in data privacy and cybersecurity and has relationships with third-party forensics investigators, crisis communications professionals and other services an organization may need in the wake of a cyber event. Because data breach coaches are familiar with these vendors, they can engage them immediately on their clients' behalf and help ensure a speedy response.
Data breach coaches also help their clients understand the necessary steps they must take to report and document any data incidents and help manage communications with law enforcement, credit monitoring vendors, call center vendors, public relations and other services.
In addition to helping organizations after an incident or breach, data breach coaches can also offer advice on building an incident response plan, developing cybersecurity awareness programs and facilitating other efforts businesses can take to minimize their risk.
What does a data breach coach offer that existing internal resources do not?
Data breach coaches can help organizations find incident response vendors with the appropriate experience and expertise to handle a cyber incident. Even experienced in-house IT and legal teams can lack the specific expertise necessary to execute the variety of tactics and protocols required to fully manage a cybersecurity problem. Many organizations falsely assume that, because they already have IT experts and a legal team in-house, they're covered. However, in many cases, an organization's general counsel may not be familiar with the laws that organizations must comply with as part of an event response. Every state has its own data breach notification laws, and those laws vary substantially in determining when notification is required, who is entitled to receive notification, what must be included in the notice and how quickly notification must be made. On top of that, organizations must consider federal laws, such as HIPAA, and even international laws, such as the GDPR.
In addition, most IT departments do not have the resources to conduct a timely, independent and unbiased investigation into the event. Even seasoned IT professionals with years of experience managing complex hardware and software systems may not have the expertise to extract and analyze log files and other forensic evidence. A data breach coach can connect the organization with incident response vendors who have that experience and expertise, whether the data was stolen from a mobile device, a corporate network or even the cloud.
When should I bring in a data breach coach?
If you suspect that your organization's data has been compromised, it's critical that you report your concern to your insurer as soon as possible – regardless of the perceived severity. The sooner you report the incident, the sooner your insurer can provide you access to a data breach coach to help coordinate an appropriate response. For example, if an employee accidentally sent sensitive information to the wrong recipient or reported a missing laptop, or if you have reason to believe an unauthorized person has access to your data, it's worth reaching out to your insurer, who will contact the data breach coach on your behalf.
Even if you are uncertain whether your organization has lost data, it can make sense to bring in a data breach coach to help manage the incident. In many cases, an organization may not know whether a breach has occurred until an investigation has been conducted. If the organization downplays the incident and fails to conduct a proper investigation, it may draw increased scrutiny from regulators and even lawsuits if a breach is later discovered.
When a data privacy event occurs, every moment counts. Breach notification laws can have short deadlines, and it often takes time to determine what data was lost and whether notification is required. Also, it can take mere seconds for a hacker to begin exfiltration of sensitive data – so the sooner you bring a data breach coach into the loop, the sooner they can engage the necessary resources and help prevent further loss of data.
What information should I have on hand when I call a data breach coach?
Before you call a data breach coach, try to collect the following information:
- What happened? Provide as much information as possible about the incident.
- When did you first notice this issue? Give the approximate date and time your organization discovered the incident.
- What was compromised? List any devices or data you believe may have been exposed.
- Who has access to it? List any employees, vendors or other personnel who have access to the devices or data in question.
- How do you usually secure it? Explain your security protocol for protecting this asset.
Additionally, have your incident response plan handy, assuming you have one. The plan should provide useful information about all of the stakeholders who will need to be involved in the incident response effort, as well as procedures to follow and guidelines for addressing specific issues that may come up.
How can a data breach coach help if an incident occurs?
While every incident is different, there are typically three phases of an incident response:
1. Investigation
The data breach coach will likely begin by asking you a series of questions (often including those listed above). Based on this information, they'll decide whether the issue necessitates a digital forensics investigation. If so, the forensics team will dig into your systems to identify what happened, how it happened, whether it's still ongoing and how to remediate the cause of the incident. Notably, engaging the investigation through a data breach coach may allow it to be protected by privilege in the event of any future litigation.
2. Disclosure
The data breach coach will determine whether data privacy laws or contractual obligations require the organization to disclose the incident. If so, the data breach coach will assist you in preparing a legally compliant notification to send to affected individuals, regulators, consumer reporting agencies, clients, business partners and any other third parties whom you're obliged to inform.
3. Defense
Finally, the data breach coach will coordinate the organization's response to any inquiries from the media, regulators, customers or other individuals in a way that demonstrates that your organization has acted diligently and in good faith in investigating, responding to and remediating the breach.
It's critical that you don't wait for your organization to experience a data breach before reaching out for help. By investing in cyber insurance coverage, you can secure access to a data breach coach to help ensure your organization is prepared to deal with potential data security challenges that lie ahead.
Sources
[1] https://www.idtheftcenter.org/images/breach/2017Breaches/2017AnnualDataBreachYearEndReview.pdf
[2] Ponemon Institute, 2018 Cost of Data Breach Study: Global Overview