The Ponemon Institute conducted a survey of 495 senior executives in both the United States and the United Kingdom. The findings identify the importance of executive involvement in an effective data breach response.
The following ingredients really apply to any organization evaluating their data security posture, not just law firms.
- Poor communications, lack of leadership and lack of board oversight are barriers to effective incident response.
- Current incident response plans are more reactive than proactive.
- Executive level oversight is critical to minimizing financial loss and protecting reputation and brand.
- Understanding the risk and approving incident response plans should be on the board of directors’ agenda.
- Negligent and malicious insiders are considered the biggest security risk.
This strongly suggests that senior executives need to be involved in the development and review of your incident response plan.
In one recent engagement, we developed and exercised an organization’s incident response plan. Senior executives were directly involved, including the COO, two vice presidents of key business units, the chief risk officer, the CIO, and deputy legal counsel. Our client gained from this effort and so did we.
Let us help your organization develop, improve, and test your incident response capabilities.
The full study, “The Importance of Executive Involvement in Data Breach Response” (May 2015), is available at this link:
Cyber Incident Response – Executive Awareness
Raising executive awareness on the importance of incident response planning should raise executive support. This is one in a series of references that serve as tools for engaging your executives and gaining their support.
The full collection of references is available at this link: