No one in the security industry should be surprised to know that the financial and reputational impact of a breach is severe. According to a recent Harris Poll, studies show that 75 percent of consumers won’t do business with a company if they don’t trust it to protect their data. If the incident involves the theft of more than 1 million records (known as a mega breach), it can be almost impossible to restore the confidence levels to what they were pre-breach. In 2017 alone, there were 16 mega breaches.
Being prepared for the worst before it even happens can minimize the damage in the event of a cybersecurity incident. To get any company ready for a cybersecurity event, the first step is to organize a team to write a mock breach notification letter. For this to be successful, you must shock the organization from the top down. Too many table tops and incident planning exercises start from the bottom up and do not represent the gravity of a beach—but not this. The product of this exercise, a simple letter, will represent your message to the world about your failure in the event you have a breach. It fundamentally provides the introduction of your problem to the world—how will you be judged?
