How to Improve Your Organization’s Cyber Incident Readiness and Response

Tuesday, March 7, 2023 by KLD Team

Organizations spend a lot of time and effort trying to avoid a cybersecurity incident – and they should. Cyberattacks can often shut down operations for hours, or even days. They can result in lost revenue, higher costs, and even a loss of reputation that could impact the long-term outlook of a business. Therefore, it is vital to protect your organization’s (and your customers’) sensitive data, including personally identifiable information (PII) and personal health information (PHI).

Your organization needs strong data management and protection policies in place to mitigate a data breach. This is especially true as cyberattacks on a business are no longer a question of if, but when. Readying your business for a cyber incident and having a plan for how to respond is critical. After all, it only takes one mistake (such as a single employee or contractor not following best data management practices) to expose PII/PHI to cyber criminals. The key to an effective cyber incident response plan starts with data mining and the ability to identify impacted PII/PHI quickly.

Cost of a Data Breach

The 2022 Cost of a Data Breach Report from IBM illustrates what is at stake when it comes to data breaches with these three statistics:

  • 83% of organizations have experienced more than one data breach in their lifetime.
  • The global average cost of a data breach is $4.35 million for organizations.
  • In 2022, it took an average of 277 days to identify and contain a breach.

That means a data breach that happened on January 1st of this year would not be fully identified and contained until October 5th – on average!

In short, data breaches are common, costly, and complicated. The ability to respond quickly could save millions of dollars.

How to Respond to a Cybersecurity Incident

One of the biggest reasons it takes so long to identify and contain a data breach is that it is difficult to fully grasp the impact of the breach in terms of the data affected. Often, it takes organizations weeks or even months to identify the data that has been accessed, including corporate data or PII/PHI, such as names, addresses, ID numbers, bank details, or credit card information.

Quickly identifying PII/PHI accessed in a breach is not only important for notifying the impacted entities; it is also required by data privacy and protection regimes, including GDPR, CCPA, and BIPA. For example, EU data protection regulation under GDPR requires the responsible entity to report any breach involving PII/PHI within 72 hours of detection. Many of these regulations also require organizations to provide a detailed description of the PII/PHI impacted, outlining the approximate number of data subjects, categories concerned, and affected records.

The key to understanding the impact of a breach quickly – so you can notify any impacted entities and regulatory authorities within the required timeframe – is gaining insight into the PII/PHI and sensitive business information in the impacted data sets. Doing so requires tailored workflows leveraging state-of-the-art data mining software to ensure the efficient identification and evaluation of data impacted during a cybersecurity incident.

Three Keys to Selecting a Cyber Incident Response Partner

When selecting a partner to support your cyber incident readiness and response, there are three keys to keep in mind:

  1. Technological expertise: Like any workflow, cyber incident response requires a combination of people, process, and technology to address the data mining challenges faced following a cybersecurity incident. Your cyber incident response partner should be able to demonstrate their battle-tested expertise and the fact that they leverage purpose-built technology designed specifically for data mining. You want your partner to help you locate, categorize, process, and review PII/PHI, enabling you to report impacted entities to supervisory authorities within the scope of mandatory reporting requirements. Moreover, ask your prospective partner if they employ AI and machine learning to offer you greater insight, precision, and efficiency, including proficient handling of tabular data and deduplication of impacted entities.
  2. Proven methodologies: Your cyber incident response partner should have tailored workflows in place and be able to customize their approach to support a variety of industries, business units, and jurisdictions. They must understand the fundamental differences between specialized cyber incident response and eDiscovery and have no limits on data volume or composition. In addition, look for a partner who compiles notification lists to contact entities potentially affected by a breach and one who conducts a proactive evaluation of your data protection measures to increase preparedness.
  3. Multilingual capabilities: Data impacted by a cyber incident often spans the globe and many different languages. Your cyber incident response provider should be able to not only identify the languages associated with impacted data, but also conduct a review of affected documents in various languages to determine the nature of your exposure.

The key to making common data breaches less costly and complicated is to quickly identify the data impacted during a breach, enabling you to notify impacted entities and regulatory authorities. Select an experienced cyber incident response partner with a steady hand to support your organization through the moment of crisis a data breach represents.

Visit KLDiscovery’s website to learn more about our Cyber Incident Response services, where you can contact a cybersecurity expert to get started on your plans for cyber incident readiness and response.