CH 9: Data Breach Incident Plans

Question 1

Confirmed disclosure of data to unauthorized party. Requires notification to authorities and/or customers.

Answer 1

Data breach

Question 2

A situation in which the confidentiality, integrity or availability of personal information may potentially be compromised. May not require notification.

Answer 2

Data incident

Question 3

Average cost of data breach worldwide

Answer 3

3.92 million

Question 4

data breach risks for an organization

Answer 4

1) loss of revenue
2) legal & regulator fines
3) loss of business
4) impact on business relationships
5) loss of customer trust
6) damage to public perception

Question 5

data breach risks for an individual

Answer 5

emotional distress, identity theft, personal reputational harm, financial damage from misuse of credit/debit cards

Question 6

What is the top cause of breaches?

Answer 6

Malicious or criminal attack.

Question 7

How do breaches occur?

Answer 7

Malware (28%), internal actors (34%), hacking (52%), phishing (32)%, perpetrated by outsiders (62%)

Question 8

How can you prepare for an incident?

Answer 8

Incident response team and plan in place, employee training, threat-sharing, BCM involvement, board-level buy-in

Question 9

How can you prepare your team for an incident?

Answer 9

Training (e.g., tabletop exercises), be an active members of the incident response team, provide guidance on breach notification requirements

Question 10

Who should fund training?

Answer 10

Leaders often disagree; consider a shared-cost arrangement

Question 11

Who should receive training?

Answer 11

Different levels for different groups, but all employees should have a basic understanding

Question 12

Who should lean incident response plan creation?

Answer 12

Privacy office or legal; with help from IT, communications, HR, senior management, etc. Stakeholders will vary by organization.

Question 13

What guidelines, processes and procedures will you need to develop in order to create an incident response plan?

Answer 13

Roles & responsibilities (who will call the shots), severity ratings and triggers for escalation, team contact info (a breach will not happen at a convenient time), how to report suspicious communications/activity, regulatory requirements, how to interact with authorities, info on key vendors and counsel (who are your lawyers that you call straight away), integration with business continuity plan, and post-incident process

Question 14

What are the steps to take in a breach?

Answer 14

Secure your operations (e.g., stop additional data loss, secure physical areas), notify appropriate parties, and fix vulnerabilities..

Question 15

What are potential consequences of inconsistent messaging?

Answer 15

Evidence of poor planning, loss of trust, people make assumptions about what’s true, and legal liability issues.

Question 16

Why should internal announcements be made at the same time as external?

Answer 16

To align messaging, avoid leaks, and demonstrate transparency.

Question 17

What do employees need to know about an incident?

Answer 17

Information that affects their jobs, what to keep confidential,

Question 18

What’s the nature of the breach? How many individuals impacted? Is information accessible and usable? Is breach likely to lead to harm? Can harm be mitigated?

Answer 18

Things to consider when deciding whether to make an external announcement if there is no legal obligation to do so.

Question 19

What are the costs involved with a data breach?

Answer 19

Punitive costs, first-party costs (e.g., legal counsel, crisis management), remediation costs, intangible costs (e.g., customer retention)

Question 20

What principles do breach obligations adhere to?

Answer 20

Preventing harm, collection limitation, accountability, and monitoring and enforcement.

Question 21

Why train?

Answer 21

Expose gaps, cultivate security, reduce financial liability and regulatory exposure, lower breach-related costs, preserve brand reputation and integrity

Question 22

Average cost of U.S. breach

Answer 22

8.19M

Question 23

Average number of businesses that go out of business within three years after breach

Answer 23

60%+

Question 24

Average size of a data breach

Answer 24

25,575 records

Question 25

Average cost per record

Answer 25

$150 globally

$242 in U.S.

Question 26

Average time to contain a breach

Answer 26

279 days

If the breach requires more than 200 days to conclude, it on average costs 1.2M more

Question 27

Lifecycle of a hack - from breach to containment

Answer 27

314 days

Question 28

Cost distribution of data breach over time

Answer 28

66% in year 1
22% in year 2
11% in year 3

Question 29

Cost reduction effectiveness

Answer 29

Incident response team: reduces cost by $360,000
Extensive use of encryption reduces by 360,000
Third Party breach on average increases costs by $370,000

Extensive training of incident response reduced costs by 1.2M

Question 30

Biggest factor attributed to data costs

Answer 30

Lost business

Average loss of business after data breach 1.42M

Abnormal churn of 4%

lost business is 36% of all costs; detection and escalation is 31%, notice is 5%, Post breach cost 27%

Question 31

Percentage of breaches attributable to malicious attacks

Answer 31

51% in 2019; grew from 21% in 2014

Question 32

Organizations that had not deployed security automation experienced breach costs that were _____ higher than breaches at organizations with fully-deployed automation

Answer 32

95%

Question 33

Chances of experiencing a breach within the next 2 years

Answer 33

29%

Question 34

Organization with less than 500 employees average breach cost

Answer 34

2.74M in 2019

Question 35

Average cost per health record

Answer 35

$429; all other types of records are around $100 to $200

Question 36

Origin of breach

Answer 36

50% malicious attack
25% system glitch
25% human error

Question 37

Percentage of orgs subject to cyber attacks that are small businesses

Answer 37

58%

Question 38

Breach by third party partner - primary concerns

Answer 38

1) understand what occurred
2) assess potential damage
3) set a game plan

Question 39

Breach by third party partner - primary concerns - understand what occurred

Answer 39

1) In first interview, gather as many facts as you can.
2) Ask the party to provide you their official statement so you can craft your own.
3) Follow up with notes you took down and get the vendor to confirm their accuracy.
4) Will want to know as much as possible in order to answer questions from third parties.

Question 40

Breach by third party partner - primary concerns - assess the damage

Answer 40

1) fully understand what service the partner provides to your organization
2) know what data it possesses
3) Understand how you are connected to each other

Question 41

Breach by third party partner - primary concerns - set game plan

Answer 41

When you call the vendor back, establish your rights. In the contract hopefully there is language regarding your right to audit, rforce remedy, receive communications, tailor the public notice, right to cancel contract, monetary remedies,

Question 42

Cyber Insurance Pitfalls

Answer 42

) most insurance claims are limited to attacks and unauthorized activity, and do not include coverage from accidental errors and omissions. Insurance company could simply point to a factor like human error and refuse to pay out the claim for a hacked computer system.

2) most claims are limited to only paying out losses incurred during an actual network interruption, and not for the entire period that the business has been disrupted. Cyber attack occurs over a weekend, but the business remains incapacitated for a week or more, the claim would only cover the weekend of the attack, and not any business interruption later (no loss of customers or media liability covered)

Question 43

Cyber Insurance Loss Ratio

Answer 43

Amount of claims paid out / Premiums in

2017, that figure was just 32 percent. In other words, for every $1 million in premiums that customers are paying each year, insurance companies are paying out just $320,000

Question 44

The success of any data breach response plan begins with close involvement from

Answer 44

the executive team.

Question 45

Without engagement and leadership from _____ ______ _____ ______ ______ _____, developing, maintaining and implementing effective response plans can pose a significant challenge for organizations.

Answer 45

senior leaders and board of directors

Question 46

Your internal breach response team should include the following:

Answer 46

1) Customer care
2) Executive leaders
3) HR
4) Incident lead
5) Legal
6) Information technology (IT)
7) Public relations