A data breach response plan is a strategy that helps businesses detect and respond to information security violations in a quick and coordinated way. Having a response plan will minimise the financial and reputational damage that comes with a breach incident and ensures compliance with GDPR rules.

If your business is unprepared following a data breach, it will put you under huge pressure. Under GDPR rules, a breach incident must be reported to the Information Commissioner’s Office (ICO) without delay and within a maximum of 72 hours.

Trying to cope with meeting compliance rules and simultaneously managing the fallout of a data breach will stretch your resources and disrupt day-to-day business operations. That’s why we cannot understate the importance of your business having a data breach response plan.

Worryingly, according to a PwC Global Economic Crime and Fraud Survey, just 30% of businesses  worldwide have a data breach response plan in place. Unfortunately, in the event of a breach, no plan often means slow action by which time the long-term damage may have been done.

How to Create a Data Breach Response Plan

To avoid the pitfalls that follow a data breach, here’s how to create a robust, effective response plan:

#1 – Assemble a data breach response team

Assembling a data breach response team ensures an effective and efficient way to mitigate the damage and execute your response plan. Having a team that’s aware of its responsibilities means that your plan can be activated the moment a breach is discovered.

The size of your organisation will determine the structure of your team. It could include the following personnel:

  • Data Protection Officer
  • Data Breach Response Team Coordinator
  • Legal and Compliance Officer
  • Head of IT
  • Human Resources Manager
  • Marketing and PR Executive

Each individual role plays its part in a coordinated response. However, activating the team isn’t always necessary. It’s down to the person responsible for compliance at board level  to decide if a breach is so serious that it needs escalating to the data breach response team based on who has been affected, the potential legal, financial and reputational ramifications and the disruption to the business.

#2 – Get cyber insurance

Data breaches are a daily threat to your business, so having cyber security insurance as part of your data breach response plan gives you coverage if you have to activate your response team. Having the right insurance coverage is crucial to safeguarding your company against significant financial losses.

You can then call on your insurance policy as part of your response plan to protect the wellbeing of your business financially.

#3 – Include a containment process

Having a containment process as part of your plan means that your response team and other personnel know exactly what to do to contain a breach when it’s discovered. This should include:

  • Date and time recording of the breach
  • Alerting and activating your response team – including the date and time of activation
  • Closing down systems affected
  • Gathering documentation

#4 – Include an evaluation process

Every response requires an evaluation process to identify areas for improvement in cyber security. An evaluation should include:

  • An initial investigation into the breach
  • A risk assessment
  • Establishing the priorities following a breach
  • A forensic investigation into the breach – you may need to engage a forensics firm for this

#5 – Include a notification process

Your data breach response plan should include a notification strategy to, where required,  alert the authorities within the 72-hour timeframe and any people that have been affected by the breach. This is where you can utilise your marketing and PR team and seek legal advice to effectively, and honestly, make the necessary people aware of a breach incident.

#6 – Include a prevention plan

Your response plan should have a future prevention plan to improve your data protection measures. A prevention strategy should include:

  • A review of the findings into your investigation
  • An update of your response plan
  • A plan to train staff on updated procedures and responsibilities
  • An audit of your response process

Expect the unexpected

Data breaches can happen unexpectedly and it’s best to be prepared. It’s a cliché, but fail to plan, then you plan to fail. You might think that protecting your IT is sufficient, but with more than 80,000 cyber-attacks occurring per day, you can never be too careful.

The time, cost and resources it takes to develop a plan will be significantly less than experiencing a data breach.

If you would like to create a data breach response plan, get in touch with DPA/OK today.