Cybersecurity Incident Response Plans — A Corporate Multi-Use Tool

What does this have to do with cybersecurity? Everything.

Cybersecurity and data breach response plans are all about dealing with a fast-moving and soon-to-be public crisis. Notifications, and therefore publicity, are mandatory. The stakes have been raised as the EU’s new General Data Protection Regulation, or GDPR, mandates notification within 72 hours. Once that happens, social media and public opinion give you only hours to get it right. And as we know so painfully from the Equifax breach, that needs to be done correctly the first time round. Equifax notified the public of its data breach — covering more than 143 million people and attacking its core business — a month after it discovered the breach, and when it did, its reaction was widely criticized.

  1. Matter is Constant. Ensure that constants remain constant. This includes corporate values and adherence to principles and procedures. Companies fail when they are tempted to apply situational ethics instead of responding based on existing values. Discussions in which decision makers try to quantify the “cost” of inaction against action should not be part of the response. Some calculations are binary, regardless of our tendency to want to create areas of gray.
  2. Carry an Internal Compass. The surest path to disaster is to wait to see how something will play out, whether that means the size of the breach, the reaction on social media, shareholder reaction, the level of civic unrest, etc. Don’t cede your timeline and decisions to the merciless court of public opinion. You have a plan. There are legal and, I would argue, moral requirements to act, regardless of the size or scope of the breach or emergency.

FinTech Weekly

FinTech Weekly is a news service for the FS industry. Our newsletter comes out weekly, wrapping up the most important insights and strategies from the past week