A study released by IBM and the Ponemon Institute last March found that 77% of businesses worldwide do not have a consistent incident response plan that they can apply in the event of a data breach. Instead, these corporations rely solely on informal or department-specific damage-control strategies. Even more troubling, nearly half of the organizations surveyed characterized their incident response plans as either “ad hoc” or completely nonexistent. As the frequency and severity of cyberattacks increase and regulations like the European Union’s GDPR raise the stakes for inadequate security practices, businesses need to master the art of cyber resiliency in order to avoid costly regulatory penalties, reputation damage and financial hardship.
It is not always pleasant to imagine what might happen in the event of a catastrophic data breach. But in an age where the unthinkable is fast becoming the inevitable, companies that master the techniques presented in this article can transform themselves from data breach victims-in-waiting to cyber-resilient leaders-in-training.
See A Crash Course in Data Breach Readiness by Jerry Thompson for Risk Management Magazine.