What partners do businesses need to prepare for a data breach?

The risk of a data breach is an ever-present challenge for businesses across the world. With more transactions between business and customer now carried out digitally than ever before, the currency of data – and its safe-keeping – has never been more critical.

As discussed in my previous Finextra blog, there are a number of things organisations can and should do internally to prepare for a data breach,  ensuring it can quickly and efficiently deal with any significant incidents.

Thankfully, companies do not have to face this challenge alone. In addition to internal precautions and practices, there are several external partners which can support and assist rapidly in the event of any breach, minimising the reputational impact to the business and to its customers.

Here, I will explore the roles and relevance of specialist partners, and how to select the right one for your business.

Legal Counsel

Your support network should include legal partners working with in-house counsel, regulatory bodies and other relevant officials. Legal partners provide the link with regulatory entities to support your post-breach activities. They can advise you on information disclosure and ensure everything is properly recorded and documented to avoid unnecessary legal risks.

Your legal counsel is responsible for:

• Handling communication with local regulatory entities, such as The Information Commissioner’s Office.
• Advising on information disclosure to avoid litigation risks, based on recent case law developments
• Ensuring anything recorded or documented meets the need for transparency without creating unnecessary legal risk.

A good legal partner will have ideally managed previous data breach notifications and should also introduce you to other data breach experts to help pre-empt, plan for and respond to data breach incidents.

IT Forensics

These data investigation specialists offer the expertise you need to translate technical analysis of a data breach into the risk implications for your organisation. They provide the data and insights to support the decision makers in your business as they plan and manage your response.

Your IT forensics partner is responsible for:

• Confirming if a data breach has occurred and advising what data has been compromised.
• Putting in place solutions to stop further data loss and prevent further harm and look at ways to mitigate attacks in the future.
• Preserving evidence and managing the chain of custody, including minimising the chance of evidence being altered or destroyed.

Crisis Communications

The way you communicate with customers, employees, stakeholders, investors, regulators, and other partners following any data breach is critical to the success of your response.

Crisis communications specialists both externally and internally can help you to get it right. Look for specialists that have experience in managing highly publicised security issues, and who understand the technical, regulatory and legal nuances of managing data breach communications.

Your crisis communications partner is responsible for:

• Developing all public-facing communications collateral, for every stage of your incident response.
• Advising you on how best to position the incident and communicate it to your critical audiences.
• Monitoring media coverage of the event on traditional and social media channels and respond to media enquires

Customer Response

As data management and analysis experts, these partners help you prepare for and manage the practical elements of the data breach or crisis response.

They provide a range of services and resources, including response planning, postal and email fulfilment, multi-lingual call centre support, and credit and identity monitoring solutions.

Look for providers with proven experience in managing mass-notification projects, with high-volume call centre resources, and experience in crisis query handling.

Your response partner is responsible for:

• Response planning, including resource evaluation and gap analysis.

• Handling all aspects of customer account management and notification, including drafting and deployment (supported by address verification).
• Providing 24/7 inbound call centre support to handle consumer queries and providing credit and identity monitoring services.

Insurers, influencers and regulators

An experienced insurance broker with specific expertise in cyber insurance is another valuable partner. They can help you demonstrate a strong security posture to insurers and select the right policy and insurer for your business needs.

You should also establish relationships with appropriate regulatory bodies, including the police cybercrime unit, to determine best practice and help streamline response processes in the event of a breach.