Hacking of organisations’ systems is becoming increasingly commonplace, even with advancements in security practices. To mitigate risk, a company must have an enterprise-level, cross-functional incident response plan that is rehearsed and practiced. In the event of an incident a company with a rehearsed plan can avoid delays and mistakes, minimize conflicts between functions, and ensure regulatory, legal and contractual reporting requirements are met.

Companies and organisations across the globe face increasing threats of a security breach — both from internal threats (disgruntled employees or mislaid documents or laptops) and external threats (criminal networks, state-sponsored espionage and hacktivists). Breaches and other cybersecurity incidents can damage reputation and give rise to operational and legal risks, for example:

• Disruption of service (e.g., due to distributed denial of service (DDoS) attacks)
• Interrupted payment processing (e.g., due to breach of checkout terminals)
• Costs of investigation, remediation and notification
• Need for timely compliance with diverse and divergent domestic and foreign laws and regulations governing data breach notification
• Inquiries from regulators concerning the nature, scope, and cause of the breach, and investigations into the adequacy of pre-incident security measures
• Impact on share price following public disclosure of incident, where required
• Class actions or other private lawsuits brought by consumers, shareholders, or other affected parties
• Breach of contract disputes from customers and vendors

While no one can predict when or how a cybersecurity breach will occur, organisations should take active steps to prepare. Read our five steps to help ensure an organisation’s cyber-readiness.