Brunswick Review Issue 9

Ready or not

A clear strategy for handling a data breach can spare companies a lot of pain, says Brunswick’s George Little

Companies that have clear plans in place to handle data security breaches fare better than those that don’t. Some of the largest breaches ever reported, including those suffered by five Fortune 500 companies, are analyzed in the chart below. Those that were better prepared responded more effectively, according to an analysis by AllClear ID, which specializes in data breach preparation and response.

The letters A through H reflect the combination of preparedness and effective response to a breach – each combination may be common to more than one company. Preparedness was measured by factors such as the level of detail in a response plan; the establishment, in advance, of a “war room” of personnel to handle a crisis; and at what point outside experts were brought in to assist. Response effectiveness was measured by factors including media coverage, expenses and how well the communications team managed.

Execution proves to be a critical factor. In scenarios B and C, companies’ responses scored highly, in spite of above average but less than perfect preparation. Meanwhile in D, companies scored lower for response effectiveness, despite their preparation, due to poor decision-making during the response.