How to Respond_ Data Incident Checklist

This is a guest post written by Elizabeth B. Vandesteeg, Financial Services and Restructuring Partner at Levenfeld Pearlstein, LLC. 

In recent years, data security incidents and breaches have become increasingly more common and expensive. For the past 17 years, IBM Security, with research conducted independently by the Ponemon Institute, has published an annual “Cost of a Data Breach Report.”

Some key findings in the 2021 Report include:

  • The average total cost of a data breach was $4.24 million – a 10% increase in 2020-2021, the largest single-year increase in the last seven years.
  • The average cost of a ransomware breach rose to $4.69 million.
  • The average cost of a breach caused by a business email compromise was $5.01 million.
  • The average total cost of the breach increased by $1.07 million where remote work was a factor in causing the breach.
  • Healthcare has had the highest industry average cost of a data breach for the past 11 consecutive years.
  • Of all the various costs associated with a data breach, lost business is the largest share at 38%, including customer turnover, system downtime, and reputational damage impacting future growth.
  • The current average cost per record of customer personally identifiable personal information rose to $180.
  • Compromised credentials were the leading cause of breaches, responsible for 20%.
  • On average, it took organizations 287 days to identify and contain a data breach (with longer times resulting in higher costs).
  • As a country, the United States had the highest average cost of a data breach for the 11th year in a row.

Security incidents and data breaches may often be caused an event such as hacking, phishing, malware, theft, and misuse of data. Businesses should be careful when using the word “breach” to describe a data-security-related incident since not all security incidents arise to the level of an actual breach, which may trigger various legal and notification requirements. If your company is subject to a security incident or breach, it is important to act quickly, respond appropriately, and preserve evidence. 

Because data security incidents and breaches impact almost every component of the organization, and failure to properly manage the situation can result in both long- and short-term consequences, an Incident Response Team should be identified before one occurs. The team should include “C” level decision-makers in the following areas: legal, IT, risk management/insurance, HR, marketing, public relations, compliance, and internal audit, physical security, other executives (as appropriate), and third-party response services (e.g., forensics, privacy counsel, notification). Different members of the Incident Response Team may be activated at different points in time, depending on the severity of the incident.

Learn what the CEO of BigTime has to say about the security benefits of cloud-based software in a recent 2022 predictions article.

The following checklist outlines the steps to be taken in the event of a data security incident:

  • Identify the incident or potential incident.
  • Immediately report the incident or threat to the proper party, activating the Incident Response Team.
  • Secure and isolate affected systems to limit further data loss. 
  • Preserve evidence. 
  • Know your role. 
  • Gather information on the incident.
  • Consider involving a forensics team and outside counsel.
  • Analyze the cause of the incident and the affected systems.
  • Analyze legal requirements and liabilities going forward.
  • Comply with legal requirements including breach notification.
  • Remove known vulnerabilities and repair systems. 
  • Respond to third-party inquiries and consider contacting law enforcement.
  • Review analysis and notes regarding the incident.
  • Improve policies and practices as necessary.

We strongly recommend that organizations create and implement a formal written incident response plan that will address each of the steps listed above in greater detail. Having an incident response plan in place (and actively testing it through a “tabletop” exercise on an annual basis), will make a response to the inevitable security incidents far more organized and less painful.

The BigTime team obsesses over your company's privacy and security. That's why we encourage our clients to make the shift from accepting paper checks to adopting an integrated, online payment solution like BigTime Wallet. With online payments, this risk of identity theft and check fraud is significantly reduced. See what other security perks BigTime Wallet offers.