By Experian
®
Data Breach Resolution
Data Breach
Response Guide
2020-2021 Edition
Contact us at 866.751.1323 or visit us at experian.com/databreach | Data Breach Response Guide | 2
2
5
Michael Bruemmer
Foreword
The COVID-19 outbreak has upended business and life as usual. Consumers habits and attitudes
toward shopping and working online are changing, and companies’ work-from-home policies may
never be the same.
1
Perhaps it’s no surprise that cybercrime may look a little dierent as well.
1
Identity Theft Resource Center. 2020. Q3 Data Breach Analysis and Key Takeaways
2
RiskBased Security. 2020. Mid Year Data Breach QuickView Report
3
INTERPOL. 2020, April 4. Cybercriminals targeting critical healthcare institutions with ransomware
4
Forbes. 2020, March 21. FBI Coronavirus Warning: ‘Signicant Spike’ In COVID-19 Scams Targeting These Three States
5
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
6
IBM and Ponemon. 2020. Cost of a Data Breach Report
Contact us at 866.751.1323 or visit us at experian.com/databreach
Practicing Your Plan 20
Conduct Response Exercises Routinely 20
Implementing a Drill Exercise 21
Developing Your Drill 22
Developing Injects 22
Quiz: How Prepared Are You 23
Responding to a Data Breach 24
The First 24-hours 24
Next Steps 25
Managing Communications and
Protecting Your Reputation 26
Protecting Legal Privilege 27
Taking Care of Your Consumers 28
Auditing Your Plan 30
How the Pandemic Impacts Your Response Plan 31
Areas to Focus On 31
Preparedness Audit Checklist 32
Experian® Reserved Response™ 33
A Proactive Approach 31
Guaranteed and Scalable 31
Helpful Resources 34
Foreword 2
Introduction 4
Industry Perspective 6
Financial Services 6
Healthcare 7
Small and Medium-Sized Businesses 7
Keeping Pace with Cybercriminals 8
Engaging the C-Suite 10
Why do Consumer Response Plans Fail? 11
Lack of Preparedness and Planning 11
Creating Your Plan 12
Start With a Bullet-Proof Response Team 12
Engage Your External Partners 14
Understand the Impact of Inuencers 15
What to Look for in a Breach Response Partner 15
Additional Considerations 16
Selecting Legal Partners 16
Selecting a Breach Response Provider 17
Incorporating Crisis Communications 17
Managing International Breaches 18
Table of Contents
© 2020 Experian Information Solutions, Inc. All rights reserved. Experian and the marks used herein are service marks or registered trademarks of
Experian Information Solutions, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners.
Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises
or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specic circumstances
of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.
Contact us at 866.751.1323 or visit us at experian.com/databreach
felt far beyond the walls of the tech and security teams.
8
Introduction
7
PwC. 2020. Digital Trust Insights Pulse Survey
8
RiskBased Security. 2020. Mid Year Data Breach QuickView Report
9
IBM and Ponemon. 2020. Cost of a Data Breach Report
10
Experian. 2019. Data Breach Consumer Survey
Since the pandemic, 95% of CISOs plan to integrate
cyber risks with overall enterprise risk management.
7
95%
Contact us at 866.751.1323 or visit us at experian.com/databreach | Data Breach Response Guide | 5
Report Date: 1/8/2020
Identity Theft Resource Center: 2019
Total Breaches: 1,473 | Records Exposed: 164,683,455
Breaches Identied by the ITRC as of: 1/8/2020
Industry
# of
Breaches
% of
Breaches
# of Sensitive
Records
Expose
% of
Sensitive
Records
# of
Non-Sensitive
Records Exposed
% of
Non-Sensitive
Records Exposed
Banking/Credit/Financial 108 7.33% 100,621,770 61.10% 20,000 0.003%
Educational 113 7.67% 2,252,439 1.37% 23,103 0.003%
Medical/Healthcare 525 35.64% 39,378,157 23.91% 1,852 0.000%
Business 644 43.72% 18,824,975 11.4 3% 705,106,352 99.990%
Government/Military 83 5.63% 3,606,114 2.19% 22,747 0.003%
Totals for All Categories: 1,473 100.0% 164,683,455 100.0% 705,174,054 100.0%
Introduction
immediately
11
IBM and Ponemon. 2020. Cost of a Data Breach Report
12
Identity Theft Resource Center. 2020. 2019 End-of-Year Data Breach Report
In 2019, data breaches cost
companies an average of $1.52
million in lost business.
11
$1.52M
Contact us at 866.751.1323 or visit us at experian.com/databreach
Financial Services
13
VMWare Carbon Black. 2020. Modern Bank Heists 3.0
14
Identity Theft Resource Center. 2020. 2019 End of Year Data Breach Report
15
IBM and Ponemon. 2020. Cost of a Data Breach Report
Industry
Perspective
Contact us at 866.751.1323 or visit us at experian.com/databreach
Healthcare
Small and Medium-Sized Businesses
16
Identity Theft Resource Center. 2020. 2019 End-of-Year Data Breach Report
17
INTERPOL. 2020, April 4. Cybercriminals targeting critical healthcare institutions with ransomware
18
Microsoft. 2020. Digital Defense Report
19
IBM and Ponemon. 2020. Cost of a Data Breach Report
20
Keeper Security and Ponemon. 2019. Global State of Cybersecurity in Small and Medium-Sized Businesses
Industry Perspective
Contact us at 866.751.1323 or visit us at experian.com/databreach | Data Breach Response Guide | 8
Keeping Pace
with Cybercriminals
The world of cybersecurity is ever-changing.
22
Taking Advantage of Changes in Business Operations
21
BakerHostetler. 2020. Data Security Incident Response Report
22
Verizon. 2020. Data Breach Investigations Report
23
PwC. 2020. Digital Trust Insights Pulse Survey
24
KIVU. 2020. Threat Intelligence Reports March 2020
Ransomware
Contact us at 866.751.1323 or visit us at experian.com/databreach
Tactics and Techniques
25
Malwarebytes.2020. Enduring from home COVID-19’s impact on business security
26
Microsoft. 2020. Digital Defense Report
27
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Compnay Ready for a Big Data Breach?
Keeping Pace with Cybercriminals
of employees admit to using
personal devices for work-
related activity more than
their work-issued devices.
25
28%
Contact us at 866.751.1323 or visit us at experian.com/databreach
Engaging
the C-Suite
The involvement of the executive
team greatly determines the success
of a data breach response plan.
28
When working to gain the support of your company’s leadership, consider these 2019 data points:
Engagement
28
63%
$8.64 million:
28
$3.86 million:
80%
$302,539:
$146:
207 days:
$2 million:
28
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
29
IBM and Ponemon. 2020. Cost of a Data Breach Report
30
BakerHostetler. 2020. Data Security Incident Response Report
Why do Consumer
Response Plans Fail?
Contact us at 866.751.1323 or visit us at experian.com/databreach
Lack of preparedness and planning
Annual budget for guaranteed customer response
resources and maintaining customer response
readiness is $0
•
•
•
There is no estimate for the number of customer
calls, emails, or messages expected
The notication plan has never been tested
by a live drill
The maximum number of customers that could be
breached is unknown
The availability of the sta expected to service those
queries is not guaranteed
Speed is critical – 72-hour notication regulations
with massive nes
Contact us at 866.751.1323 or visit us at experian.com/databreach
Start with a bullet-proof response team.
•
•
•
•
processes and procedures
•
•
•
•
•
•
•
•
INCIDENT LEAD CUSTOMER CARE
Creating
Your Plan
Preparation
Contact us at 866.751.1323 or visit us at experian.com/databreach
•
•
•
•
•
evidence and progress
•
Respond and Recover
•
•
•
•
•
C-SUITE
INFORMATION TECHNOLOGY
HR
PUBLIC RELATIONS AND/OR
CORPORATE COMMUNICATIONS
Creating Your Plan
Contact us at 866.751.1323 or visit us at experian.com/databreach
Engage your external partners:
CRISIS
COMMUNICATIONS
DATA BREACH
RESOLUTION PROVIDER
FORENSICS
LEGAL COUNSEL
•
during an incident
•
•
•
•
•
•
•
•
•
•
Creating Your Plan
Contact us at 866.751.1323 or visit us at experian.com/databreach
1. Understanding of Security and Privacy
2. Strategic Insights – Can They Answer and Handle
“What If” Scenarios?
3. Relationship with Regulators
4. Ability to Scale
5. Global Considerations
What to Look for in a Breach Response Partner
Creating Your Plan
of data breach response
plans include procedures for
communicating with state attorneys
general and regulators. However,
only 14% of organizations have met
with law enforcement and/or state
regulators in preparation.
31
71%
31
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
State Attorneys General and Regulators
Law Enforcement
Contact us at 866.751.1323 or visit us at experian.com/databreach
•
•
•
Additional Considerations
•
•
•
Despite the substantial nancial risk
organizations face when it comes to
data breaches, only half of companies
have cyber insurance to help cover
them when an incident occurs.
32
½
Selecting Legal Partners
Creating Your Plan
32
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
Contact us at 866.751.1323 or visit us at experian.com/databreach
Selecting a Breach Response Provider Incorporating Crisis Communications
•
•
•
responses
•
•
•
• Enlist a Representative:
• Map Out Your Process:
• Cover All Audiences:
• Prepare Templated Materials:
•
•
•
•
• Test Your Communications Process:
Creating Your Plan
Contact us at 866.751.1323 or visit us at experian.com/databreach
33
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
of incident response
plans include processes
for managing international
data breaches.
33
64%
Managing International Breaches
Creating Your Plan
Contact us at 866.751.1323 or visit us at experian.com/databreach
Coordinate a multinational response team:
Prepare for increased stakeholder engagement:
Your organization can take the following steps to better
prepare for an international data breach.
Organize consumer notication and support:
Preparing for an international data breach
1.
2.
3.
Creating Your Plan
Contact us at 866.751.1323 or visit us at experian.com/databreach
Practicing
Your Plan
Conduct Response Exercises Routinely
Practicing Response Plan
Responsibilities of Your Team
•
•
•
•
ACTIVITIES SHOULD INCLUDE:
•
•
•
34
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
Contact us at 866.751.1323 or visit us at experian.com/databreach
Implementing a Drill Exercise
Practicing Your Plan
VERIFY YOUR ORGANIZATION IS READY TO CARRY OUT YOUR RESPONSE PLAN BY DOING THE FOLLOWING:
•
•
•
•
•
•
•
•
•
WHO TO INVOLVE:
Complete materials and workows
Enlist an outside facilitator
Schedule a healthy amount of time
Include everyone
Test multiple scenarios
Debrief after the exercise
Conduct drills every 6 months
Contact us at 866.751.1323 or visit us at experian.com/databreach | Data Breach Response Guide | 22
35
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
Practicing Your Plan
Developing Injects
Possible injects can include:
•
•
of organizations believe their
data breach response plan
could be more eective if they
incorporated what they learned
from previous breaches.
35
74%
Sample Scenarios
•
•
•
Developing Your Drill
•
•
•
Contact us at 866.751.1323 or visit us at experian.com/databreach
Quiz: How Prepared Are You?
Practicing Your Plan
RESPONSE PLANNING
TRAINING AND AWARENESS
KEY PARTNERS
and signed contracts in preparation
COMMUNICATIONS
NOTIFICATION AND PROTECTION
SECURITY PLANNING
Contact us at 866.751.1323 or visit us at experian.com/databreach
1. Record the moment of discovery:
2. Alert and activate everyone:
3. Secure the premises:
4. Stop additional data loss:
5. Document everything:
6. Interview involved parties:
7. Review notication protocol:
8. Assess priorities and risks:
9. Notify law enforcement:
HOW A DATA BREACH UNFOLDS
• Data incident is discovered
• Outside legal counsel is engaged
• Forensics determines
“who” and “what”
• “Go/No Go” for consumer
response
• Public Relations
crafts messaging
• Consumer notication
(letter, email. website)
• 1-800 Call Center for
FAQs/Enrollment
• Identity theft Protection/
Fraud Resolution
Responding to
a Data Breach
Breach Discovery
Always collect, document and record as
much information about the data breach
possible, including conversations with
law enforcement and legal counsel.
Act Fast
DISCOVER
1
INFORM
(Company Incident Lead)
2
ASSESS
(Forensics)
3
GUIDE
(Breach Counsel)
4
NOTIFY
(Breach Response Provider)
5
36
BakerHostetler. 2020. Data Security Incident Response Report
Contact us at 866.751.1323 or visit us at experian.com/databreach | Data Breach Response Guide | 25
1 5
2
3
7
4
Next Steps
Responding to a Data Breach
IDENTIFY THE CAUSE REPORT TO UPPER MANAGEMENT
ALERT YOUR EXTERNAL PARTNERS
CONTINUE WORKING WITH FORENSICS
IDENTIFY LEGAL OBLIGATIONS
IDENTIFY CONFLICTING INITIATIVES
6
EVALUATE RESPONSE
AND EDUCATE EMPLOYEES
Contact us at 866.751.1323 or visit us at experian.com/databreach
Managing Communications and Protecting Your Reputation
Although incident response planning is not one-size-fits-all, the following are fundamental
principles to abide by:
Assume news of the incident will
leak before your organization has
all the details and have a plan in
place to address questions early
in the process.
If your organization is committed
to providing identity protection if
an incident is conrmed, consider
mentioning that in the statement.
Communicate with the appropriate
regulators early and transparently
to avoid potential scrutiny.
Establish traditional and social
media monitoring to detect leaks and
understand how external stakeholders
are framing the incident.
Focus initial holding statements
on steps being taken to investigate
the issue and resist speculating
on details about the breach before
a forensic investigation.
Ensure frontline employees have
the information they need to
communicate to their customers
and make sure they know to route
any media requests directly to the
incident response team.
When more information is available,
establish a consumer-centric
website regarding the breach
that provides details about what
happened, and steps individuals
can take to protect themselves.
Responding to a Data Breach
Contact us at 866.751.1323 or visit us at experian.com/databreach
Protecting Legal Privilege
While you should consult your outside counsel when deciding the approach to maintaining
privilege, the following are good general rules:
Ensure that all written materials, including emails, are
marked “privileged & condential” and that you include
someone from the legal department on the distribution.
All contracts for external partners should be arranged
through outside counsel, so their work is part of the
course of providing legal counsel to your organization.
Be thoughtful about what information you are documenting
or is being put in writing versus what should be discussed
in-person or on a call.
Responding to a Data Breach
Contact us at 866.751.1323 or visit us at experian.com/databreach | Data Breach Response Guide | 28
37
Experian. 2019. Data Breach Consumer Survey
38
McKinsey & Company. 2019. Survey of North American Consumers on Data Privacy and Protection
Taking Care of Your Customers
Responding to a Data Breach
Notication
•
•
•
•
•
•
Contact us at 866.751.1323 or visit us at experian.com/databreach
39
Experian and Ponemon. 2020. Seventh Annual Study: Is Your Company Ready for a Big Data Breach?
Responding to a Data Breach
Identity Theft Protection
•
•
•
•
•
•
of security professionals
believe oering free identity
theft protection and credit
monitoring services is the best
approach to keep customers
and maintain brand reputation.
39
74%
WHAT IS THE DIFFERENCE BETWEEN IDENTITY THEFT PROTECTION AND CREDIT MONITORING SERVICES?
Contact us at 866.751.1323 or visit us at experian.com/databreach
Auditing Your Plan
Once you’ve created your preparedness
plan, you’ve cleared one of the biggest
hurdles in positioning your organization
for success.
How the Pandemic Impacts Your
Response Plan
•
•
•
Contact us at 866.751.1323 or visit us at experian.com/databreach
Areas to Focus On
Auditing Your Plan
•
•
•
•
•
•
•
•
•
•
CALL CENTER VENDOR NEGOTIATIONS
Contact us at 866.751.1323 or visit us at experian.com/databreach
Auditing Your Plan
Preparedness Audit Checklist
UPDATE YOUR TEAM CONTACT LIST
REVIEW NOTIFICATION GUIDELINES
REVIEW WHO CAN ACCESS YOUR DATA
EVALUATE IT SECURITY
REVIEW STAFF SECURITY AWARENESS
DOUBLE CHECK YOUR VENDOR CONTRACTS
VERIFY YOUR PLAN IS COMPREHENSIVE
Contact us at 866.751.1323 or visit us at experian.com/databreach
A Proactive Approach
•
•
•
Guaranteed and Scalable
•
•
•
•
•
•
•
•
is the average
organizations can save
by having an established
incident response team
with an extensively
tested response plan.
40
40
IBM and Ponemon. 2020. Cost of a Data Breach Report
Experian®
Reserved Response
$2M
Contact us at 866.751.1323 or visit us at experian.com/databreach
Federal Trade Commission
www.ftc.gov/idtheft
Identity Theft Resource Center
www.idtheftcenter.org
International Association of Privacy Professionals
www.iapp.org
National Conference of State Legislatures
www.ncsl.org
Online Trust Alliance
www.otalliance.org
NIST Cybersecurity Framework
www.nist.gov/cyberframework/csf-reference-tool
• BakerHostetler. 2020. Data Security Incident Response Report
2020_DSIR_Report_(003).pdf
• Experian and Ponemon. 2020. Seventh Annual Study:
Is Your Company Ready for a Big Data Breach?
www.experian.com/Seventh Annual Study
• Experian. 2019. Data Breach Consumer Survey
• Forbes. 2020, March 21. FBI Coronavirus Warning: ‘Signicant
Spike’ In COVID-19 Scams Targeting These Three States
www.forbes.com/FBI Coronavirus Warning
• IBM and Ponemon. 2020. Cost of a Data Breach Report
www.ibm.com
• Identity Theft Resource Center. 2020. 2019 End-of-Year Data
Breach Report
www.idtheftcenter.org
• Identity Theft Resource Center. 2020. Q3 Data Breach Analysis
and Key Takeaways
• INTERPOL. 2020, April 4. Cybercriminals targeting critical
healthcare institutions with ransomware
www.interpol.int
• Keeper Security and Ponemon. 2019. Global State of
Cybersecurity in Small and Medium-Sized Businesses
www.keeper.io
• KIVU. 2020. Threat Intelligence Reports March 2020
kivuconsulting.com
• McKinsey & Company. 2019. Survey of North American
Consumers on Data Privacy and Protection
www.mckinsey.com
• Microsoft. 2020. Digital Defense Report
www.microsoft.com
• PwC. 2020. Digital Trust Insights Pulse Survey
www.pwc.com
• RiskBased Security. 2020. 2020 Mid Year Data Breach
QuickView Report
pages.riskbasedsecurity.com
• Verizon. 2020. Data Breach Investigations Report
enterprise.verizon.com
• VMWare Carbon Black. 2020. Modern Bank Heists 3.0
www.carbonblack.com
Helpful Resources
HELPFUL LINKS REFERENCES
Experian Data Breach Resolution
www.Experian.com/DataBreach
Experian Reserved Response
www.experianpartnersolutions.com/reserved-response/
Blog
www.experian.com/blogs/data-breach/
LinkedIn
www.linkedin.com/company/data-breach-resolution
Twitter
www.Twitter.com/Experian_DBR
EXPERIAN LINKS
Contact us at 866.751.1323 or visit us at experian.com/databreach
Experian Data Breach Resolution, powered by the nation’s
largest credit reporting agency, is a leader in helping
businesses plan for and mitigate consumer risk following
data breach incidents. With more than seventeen years
of experience, Experian Data Breach Resolution has
successfully serviced some of the largest and highest-prole
breaches in history. The group oers swift and eective
incident management, notication, call-center support,
and reporting services while serving millions of aected
consumers with proven credit and identity protection
products. Experian Data Breach Resolution is active with
NetDiligence®, Advisen, and InfraGard.
For more information, visit experian.com/databreach.
About Experian® Data Breach Resolution
