Data breaches are now occurring on an almost daily basis and with the recent introduction of GDPR, it has never been more important for organisations to have the right measures in place to deal with a security incident. As a result there is now an increased need for organisations to have incident management systems in place.
Research from the Horizon Scan report found that the top two threats faced by organisations in 2018 are cyber-attacks and data breaches. As cyber threats continue to grow and evolve, it’s inevitable that businesses will experience a security incident at some point.
To effectively deal with this growing threat, it’s vital that organisations have measures in place that will allow them to rapidly identify, respond, and mitigate these types of incidents.
The establishment of an effective major incident management plan will help educate and inform staff, improve organisational structures, improve customer and stakeholder confidence, and reduce any potential financial impact following a major incident.
What’s the Risk to Organisations?
Organisations can no longer take a laid-back approach to cyber security; the stakes are just too high! It’s no good waiting to a security incident happens and then trying to reactively put in place a plan to mitigate any damage. At this stage, when a major incident has taken place, it is too late.
Organisations need to be proactive in their approach and properly prepare for any potential incident that could affect their business.
Security incidents may vary in their business impact and some incidents may highlight a more severe underlying problem. Unless organisations implement an effective Incident Management plan, the following risks could be realised:
The implementation of the GDPR has meant that organisations are duty bound to report data breaches and failure to do so can result in significant fines. The GDPR requires that organisations disclose any personal data breaches to the relevant supervisory authority within 72 hours of detection, otherwise they may face fines of up to 4% of annual global turnover or 20 Million Euros (whichever is greater). Fines will depend on the severity of the breach and if organisations have taken steps to show they are compliant.
The consequences of a security incident on a business can be far reaching. In addition to the financial implications of an incident which may involve paying regulatory fines, compensating customers, and a drop-in share prices, organisations can be severely impacted by reputational damage.
If an organisation’s sensitive data has been exposed, it can have a hugely negative effect on consumer trust. Research has shown that up to 70% of consumers would stop doing business with a company if they have experienced a data breach. Customers lose confidence with an organisation if they don’t feel their data is secure and may end up leaving and switching to competitors.
How can the risk be managed?
1. Establish an Incident Response Reporting Capability
To effectively deal with any incident that may arise, it’s important to have a reporting structure in place that will enable staff to identify and report incidents in a timely manner. The reporting capability will address the full range of incidents that could occur and set out appropriate responses. Setting up a reporting facility means that critical incident management can be better dealt with. The supporting policy, processes and plans should be risk based and cover any regulatory reporting requirements.
2. Security Awareness Training
Effective security awareness training is essential in training staff to identify and respond appropriately to the growing range of cyber security threats. All employees, at every level within an organisation should receive this training to ensure they have all the skills required to identify an attack.
3. Define Roles and Responsibilities
In the event of an incident, specific individuals within the organisation should have defined roles and responsibilities to effectively make decisions and manage the situation accordingly. The contact details of all key personnel should be circulated throughout the organisation, so all staff know who to contact in the event of an incident.
4. Test Incident Management Plans
It’s important that Incident Management plans are tested on a regular basis to ensure the organisation is fully prepared should an incident arise. The outcome of the tests will inform future plans and highlight areas that could do with improvement.
5. Back up Data Regularly
Essential data should be backed up regularly to ensure that there is a process in place to recover the data should a breach occur.
There is no room for complacency in the current cyber security landscape, organisations need to have solid plans in place to effectively manage how incidents will be identified, who will be engaged, how the threat will be contained and eradicated, and how the business will document and report on the breach.
MetaIncident has been designed to provide staff with an easily accessible and simple method of reporting possible security incidents. It also provides the necessary audits required by regulators and governance committees. Contact us for further information on how this could help improve Incident Management reporting within your organisation.