[hmvideo id= 12057]

According to the 2020 Data Breach Investigations Report by Verizon, nearly 25 percent of all breaches took a month or longer to be discovered. You read that right…a month!

Once a cyber breach is discovered, reacting swiftly to mitigate the damage is crucial to the survival of your organization.

Create a Cyber Breach Response Plan

The most important step to cyber breach readiness happens even before a breach and starts with a breach response plan.

A cyber breach response plan outlines steps to be taken after a cyber breach is discovered and who within the organization is responsible for these tasks. It also identifies outside vendors (legal counsel, forensics, Information Technology resources, etc.) to be involved and when/if to notify law enforcement.

If you don’t have one in place yet, we have some ideas to help!

eRisk Hub, a resource to our clients through our TechAssure membership, has a step-by-step checklist to help you get one put together.

Additionally, your cyber insurance carrier likely has pre- and post-breach resources that can assist in preparing the breach response plan. They can also assist with determining the following items after a breach occurs:

  1. Is a computer forensics investigation needed?
  2. Are breach notifications required?
  3. What is the potential for regulatory fines or penalties?
  4. What is the potential for legal action?
  5. What are your next steps?

Ensure You Have a Cyber Insurance Policy

Do you have a cyber insurance policy? If not, you should strongly consider it, but know this — finding the right, reputable resources can be tricky. Google “cyber breach help,” or “ransomware assistance” and you’ll find millions of results…many of which are actually bad actors looking to make money at your expense.

Through eRisk Hub and Cooley, our Holmes Murphy clients have access to a free breach coach to help you identify next steps, notification requirements, and potential fines or legal action after you’ve discovered a cyber breach has occurred.

Additionally, eRisk Hub has a vetted list of pre-and post-breach organizational resources with contact information as well as credentials. These include forensic accounting & investigation, legal guidance, system remediation, software solutions, cyber extortion negotiators, and public relations.

If you’re interested in learning more, don’t hesitate to reach out! We have cyber experts on hand to help and can walk you through all of the resources available. And to sign up for the the free eRisk Hub, click here.

Plus, as Ross Ingersoll mentioned in last Thursday’s What’s Up Holmes blog, there have been significant shifts in the cyber landscape that are moving at a rapid pace. Holmes Murphy is here to be a partner for your organization, and we have a 7-part blog series with great information to do just that. This is just the second in the series. Be sure to tune in on August 12 for in-depth information on ransomware, a ransomware stress test, and safeguards!