Challenges in Protection
Surveys indicate that 85% of small and medium businesses without a formal data security policy have experienced an information breach. The cost of a data breach includes legal expenses, forensic fees, lost customers, reputation management, and the notification process. Unfortunately, actual costs extend beyond the dollars spent to address the incident: 31% of breach notification recipients terminate their relationship with the organization, 59% of breached companies were embroiled in subsequent litigation, 33% faced potential regulatory fines, and 32% experienced a decline in share value. Generally, approximately 60% of all small or medium sized companies go out of business within six months of experiencing a breach.
Achieving Best Practices
Businesses are considered negligent if they have no breach response program in place prior to an incident. It is imperative that companies have a trusted source to address an information breach if they are to mitigate contingent risks. Businesses seeking best practices, implement a breach response plan prior to an incident. In the event of a breach, the program is quickly activated, conserving time and money while preserving the company's reputation and regulatory standing. The complexities of confronting a database compromise extend beyond the capabilities of most businesses.
The GIS Comprehensive Commercial Cyber Service includes:
- Assistance with proper protocols and staff training for those protocols
- Assistance with compliance
- Protection and Planning
- Establishing cyber security baseline and maturity levels
- Breach or Ransom Response
- Resolution for consumers
- Access to certified forensic examiners
- Post Resolution Education and Ongoing Reviews
GIS Commercial Cyber service provides practical information to educate companies about the different ways their information can be compromised, and equally importantly, what to do to protect it. This comprehensive program includes an appropriate response and addresses issues businesses confront during a breach. The Data Breach Incident Response Program is an effective and trusted source for businesses to mitigate such risks.
Cyber and technology get the most attention in the news as a source of compromise. Cyber breaches can occur by a direct penetration of the network or by a malware infection brought about by a person's actions. Knowing how these occur tells people what to do and what to avoid in using technology making information more secure. It also identifies weaknesses in the cyber defenses.
- Assessment and preparation of an appropriate breach response If a company suspects a breach, they contact GIS immediately to be connected to our fraud center. A specialist will work closely with the company to assess the nature of the incident and activate a suitable response. Considerations include: applicable state and federal laws; the extent and nature of breached information; and immediate compliance requirements. Data breach specialists will assist with the preparation of a compliant notification letter which constitutes the company's first goodwill action to its customers.
- Unlimited access to fraud specialists Notified recipients benefit from unlimited access to a personal fraud specialist who will respond to questions. The specialists will assist placing proactive alerts, enrollment in monitoring services, review of credit reports, and resolving suspected fraud.
- Distribution of monitoring products Some events require that monitoring products be provided. Several packages for gifting protective reports and monitoring services to the breached constituents are available; all are institutionally priced.
- Interaction with media, credit bureaus, and law enforcement A GIS breach manager will interact with media and create an action plan to counteract negative public reaction. Specialists will also interface with credit bureaus, regulatory bodies and law enforcement when appropriate.
- Secure website to augment the notification process A secure, web-based platform to assist with notification and authentication can be deployed. The website allows customers preferring online interaction to access breach information, enroll for credit products, and contact our fraud department.