A record high 783 data breaches in the U.S. alone occurred in 2014, according to a recent survey, and 2015 has brought more bad news, including significant breaches affecting the U.S. federal government. Besides embarrassment and loss of customer confidence, these incidents can be costly and may result in significant legal exposure and financial penalties. However, although a security breach is always an unfortunate event, it does not need to be a crisis if a company has a workable incident response plan in place. Companies that have an effective and realistic plan are able to respond to a material breach in an efficient and responsible manner and, as a result, fare much better with regulators and in dealing with PR and brand issues.
Creating an incident response plan is crucial because without a plan, your response to a crisis will be, at best, disjointed and inefficient. At worst, it will be ineffective and create additional risks. Among the first requests from every regulator is a copy of the incident response plan, and the failure to have one will be deemed evidence of unreasonable security practices. Once the plan is implemented, how a company manages the incident is key to limit damages and reduce recovery time and costs.
During this program, you will receive practical guidance on developing and implementing an incident response plan, trends in incident response from recent security breaches, and also hear from corporate counsel on best practices. Topics to be addressed will include: