Breach response planning - cnaeurope.com/media/files/c/cna-hardy/documents/docum…

Breach response planning

David Legassick – Head of Life Sciences, Tech & Cyber

Sarah Bolger – Senior Claims Examiner

09 March 2018



Agenda

Why is a Breach response plan crucial to any organisation?

• Preparation:

o Understanding your exposure,

o Creating your plan,

o Building a team response.

• Stages of a Breach response:

o Detection and analysis,

o Investigation, containment and eradication

o Impact assessment,

o Recovery,

o Notification and communication,

o Evaluation and improvement.


Why is a Breach Response Plan Crucial?

“Many executives are declaring cyber as the risk that will define our generation”

Dennis Chesley: Global Risk Consulting Leader, PwC

1. Expedite the recovery of business networks and systems so that the organisation can operate and earn revenue,

2. Reduce reputational damage,

3. Inform the individuals affected and reduce the impact on them,

4. Comply with regulatory and legislative requirements.


Why is a Breach Response Plan Important?

Legislation – penalties and notification:

• Current UK Data Protection Act – maximum fine £500,000.

• Current UK Data Protection Act – no general mandatory breach notification to data subjects, except for internet and telecoms service providers. The ICO should be advised if a breach is likely to affect data subjects.

• New EU GDPR – maximum fine is the greater of 4% of global turnover or €20,000,000.

• New EU GDPR – mandatory notification of serious breaches by all data controllers, to both the ICO and the data subjects. (Under GDPR the supervisory authority must be told within 72 hours of the controller becoming aware of the breach unless it is unlikely to result in a risk to individuals; data subjects must be told without undue delay where the breach is likely to result in a high risk to them.)


Developing a Data Breach Response Plan

1. Understand your exposure

2. Create plan and procedures

3. Build the response team

4. Test the plans


Understanding your Exposure

Clients should have in place a full Information Security Management System (ISMS) including:

• Asset identification and classification,

• Risk assessment leading to appropriate technological and human protections.


Create Plan and Procedures

The plan should include the following standard operating procedures:

• Investigation and containment,

• Impact assessment,

• Recovery,

• Notification/communication,

• Evaluation.


Building a Response Team

The rapid response team should include:

• Information Technology (IT),

• Legal counsel,

• Operational and executive management,

• Public relations,

• Risk management,

• Human Resources.


Test the Plans

Test the plans at least annually, and update them in line with any significant changes in the business, including:

• Technology

• Activities

• Locations


The Stages of a Breach Response

“Tomorrow's battle is won during today's practice”

• Detection and analysis

• Investigate, contain & eradicate

• Impact assessment

• Recovery

• Notification and communication

• Evaluation and improvement


What Should Notification Include?

• An acknowledgement that an incident has occurred, and an apology,

• A description of how and when the breach occurred,

• What data was involved,

• What you have already done to respond to the risks posed by the breach,

• The steps individuals can take to protect themselves, and what you are willing to do to help them,

• How to contact you for further information – a free phone number, email address or a web page.


Evaluation

• Post-incident review,

• Lessons learnt report,

• Best practice implementations.


Summary

• Regular data asset audit and risk assessment,

• Implement an information security management system,

• Staff training,

• Breach detection,

• Develop a breach response plan,

• Test the plans.
