Around the RADAR offices, we talk a lot about the work of privacy professionals and how we can continue to bring greater value to our customers. Part of these discussions include quantifying the cost of poor incident response, and the risk presented to organizations when a data breach is mishandled.
This week our discussions have included two items of interest on this topic:
The economics of cybersecurity and the importance of assigning dollar amounts to incident response
This article features a rundown of a recent Cybersecurity focused radio program with Robert Vescio, Chief Analytics Officer of Secure Systems Innovation Corporation. In this roundtable discussion, Vescio explored the cost and economics of cybersecurity risk management. Included in the article are a few essential steps CISOs or CROs should take when addressing their boards when it comes to concerns of enterprise risk:
- Present an accounting of potential damages should an event (data breach, ransomware, etc) occur
- Explain the potential annual loss for the organization, given that a number of incidents are going to happen.
- Level-set when it comes to the types of tactics that will be put into place to mitigate the costs for the first two items on the list
In this article, it boils down to CISOs and CROs needing to account, in hard dollar amounts, for the risk the organization faces when it comes to privacy and security events.
Mitigating data breach costs with timely, efficient incident response
Experian’s recent survey of 1,000 adults in the US indicates that financial service companies have more to lose when it comes to a data breach, as consumers expect faster response rates from their bank than from any other industry. The same survey indicates that, if a breach is properly managed and the organization is transparent and issues notifications in a timely way, risk of loss of customers is significantly mitigated. Some other interesting stats from the survey:
- 66% of respondents said they would stop doing business with a company that had a slow or ineffective response to a data breach and would switch to a competitor.
- 90% of respondents said they would be more forgiving of a company that had a proactive post-breach communication plan in place before an event that puts data at risk.
The bottom line in this report? The cost of a data breach can be mitigated by timely and efficient response.
IAPP Benchmarking Article Series
How quickly are companies able to manage privacy incidents? See how you stack up >
If you’d like to share what privacy and data breach news is currently on your radar, we would love to hear from you at firstname.lastname@example.org.