RadarFirst Blog

Is Your Organization in Good (Incident Response) Shape?

Highlights:

  • Timeline benchmarks for incident occurrence to discovery
  • How incident category, source, and intention affect on-time notification
  • 5 steps to get your incident response into shape

Data Breach Notification Timeline Benchmarks

While incident risk assessment always feels like a race, it is unlikely to become an Olympic sport anytime soon. Per Radar metadata, the median time from when an incident occurs to when it is discovered is 37.6 hours. For fiscally minded privacy professionals, it’s important to look beyond metadata from 2020 to see the trends in data breach notification benchmarks.

Across heavily regulated industries like Healthcare, Finance, and Insurance, the median timeline from the occurrence of an incident to its discovery has more than doubled since 2018. While Healthcare has remained relatively stable (17 to 19.8 hours since 2018), the increases in the Financial (66.8 to 86.3 hours) and Insurance (17 to 42 hours) sectors drove the collective average upward.

(Download the 2021 Privacy Incident Benchmark Report to see how your organization fares vis-à-vis other industries)

“On your mark, get set, go!” applies to privacy professionals at the beginning of the privacy incident response process, as soon as the incident is discovered. But the “race” isn’t only about how fast you can get to the notification finish line (data breach notification laws typically have timeline requirements for notification); it’s also about thoroughness and consistency.

The First Step of Privacy Incident Response

When a privacy incident is discovered, the first step for privacy professionals is to identify and investigate the incident. Why does it often take so long between occurrence and discovery? Privacy incidents vary in scope and complexity, so the time it takes depends on many factors, including:

  • Whether the incident originated internally or externally
  • The number of records affected
  • The type of incident (electronic-based, paper-based, or verbal/visual)
  • The intention behind the incident (i.e. malicious vs. unintentional)

Once incident discovery and identification take place, privacy professionals across industries turn to an intelligent incident response management platform to help navigate the incident risk assessment process, identify notification obligations, and manage touchpoints across the entire incident response lifecycle.

The end goal of incident response is to mitigate risk and, in the event a breach occurs, to distribute notifications in line with regulatory requirements, without accruing reputational or financial harm as a result of late notification. As mentioned above, every detail of an incident can inhibit an organization’s ability to provide on-time notification. From the incident type to its source and the intention behind it, take a look at some of the findings to learn more about why certain incidents take longer to discover and investigate. You will likely see patterns and trends emerge that can inform areas for improvement and training in your organization.

[Figure: Percentage of notifications that are on time by incident category, source, and intention]

Every incident is unique, but having organization-wide awareness of how to spot each variation can help improve occurrence to discovery timelines.

Training for the Big Race

Readying for a race is as important as the race itself. To get in better shape for the incident response race, consider these five identification and investigation best practices:

  1. Educate all staff with training to report and escalate incidents, and equip them with reporting tools.
  2. Promptly engage and inform all necessary incident response team members.
  3. Ensure that the incident information captured is sufficient to complete an accurate risk assessment.
  4. Establish effective information-gathering processes and tools to speed investigation.
  5. Standardize incident intake forms in a format that easily supports permanent incident records and makes it easy to provide regulatory documentation.

For a complete list of incident response best practices and actions for improvement, check out The Privacy Incident Benchmark Report 2021.

You wouldn’t start a relay race without training, practicing, fueling, and stretching. Incident management teams are also continually working to improve. Here are good questions to ask of your organization:

  • How is my organization mitigating risk?
  • How can we improve operationally?
  • How can we streamline our incident response process?

Regular tabletop exercises, for example, can help anticipate new threats or different types of incidents. At RadarFirst, we’re all about keeping your incident response team in good incident response shape!

Learn how intelligent incident response can automate your risk assessment and save you time, stress, and money with a free ROI calculator.
