The First 72 Hours

Eight in ten organizations have experienced two or more data breaches, and the global average cost per breach is nearly $4.5 million. Quick identification of personal health information or sensitive corporate data that was compromised is the key to minimizing cost and damage to reputation. The EU’s General Data Protection Regulation, for example, requires the responsible entity to report incidents involving personal health information and other sensitive data within 72 hours of detection. Many regulations in the U.S. and abroad require a detailed description of the data impacted, and accurate outlines of the approximate number of data subjects, categories concerned, and affected records. The above-referenced article provides a checklist of considerations in selecting a cyber incident response provider. Among other requirements, be certain any potential partner understands the differences between specialized cyber incident response and e-discovery issues, uses AI and machine learning, and has multilingual capabilities.