Data Breach Readiness ‘MOT’
Data breaches are inevitable. Most breaches are the result of a cock-up rather than a conspiracy. With customers becoming more aware of their data protection rights, trust in how a company handles their data is driving choice.
How a business responds when the worst happens will have a great impact on that trust. Take our Data Breach Readiness MOT to find out how prepared you are for the inevitable.
You have assembled your data breach response team.
Your response team has the necessary experience across IT, legal, and communications.
You have audited and tested your response plan in the last 12 months.
Your contracts with data processors and key partners include defined responsibilities for a breach situation.
Your processors know who to contact in your organisation when they become aware of a breach.
You have a clearly identified team lead who will liaise with the regulator and other stakeholders.
You have an inventory of the types and location of the information you store that could be exposed during a data breach.
You have the technology, the people and the knowledge in-house to conduct a thorough investigation into a cyber security incident.
You have identified what your breach notification process would look like.
You have identified everyone who needs to be mobilised in the organisation in the event of a breach.
You know what services you are going to offer to reassure affected parties in the event of a breach.
You have developed a communications incident response plan, including drafts of key messages that will be useful during an incident.
Your chosen response team members are experts who are trained and confident in communicating.
You have conducted a crisis simulation to test how effectively your organisation would manage a breach incident in the last 12 months.
You have conducted employee training to apply data protection best practices in the last 12 months.
Please note that your MOT result is not recorded by us, as we want to keep data collection to a minimum. However, here’s an indexed guide to give you an idea of what we would recommend in relation to each outcome.
— READINESS INDEX —
Good Level of Readiness: Based on your answers it looks like you may be all set to deal with a breach when it happens. Consider running a live enactment scenario to rehearse and refine your response plan.
Good Progress Towards Readiness: You’re well on the way to being ready, and there are perhaps only matters of staff training, or finalising your breach response plan to deal with.
Some Gaps in your Readiness: Your responses indicate that there are quite a few gaps in your breach approach. You could benefit from a Risk Assessment to help identify weaknesses, looking primarily at the areas where you were unable to ‘Agree’ or ‘Strongly Agree’.
Low Level of Readiness: The responses suggest a package of actions is necessary to address the readiness shortfall. Start by undertaking a full Breach Risk Audit to identify the areas of greatest risk, and prioritise the actions to get you to readiness.
Remember, when managing a data breach, preparation is the key. If your breach is reportable to the regulator, valuable time could be wasted in putting a team together and deciding who should be doing what, rather than managing and controlling the effects of the breach on your business and customers.
If you are not in a position to report within the 72-hour time frame, the regulator could take a range of actions, from ordering you to stop processing data for a specific purpose, to issuing a monetary penalty – and both could carry a significant cost. If you’d like to steer a course that reduces your exposure, click the call back button for one of our advisors to contact you.