Six key experts you need on your data breach response team

I think it’s a reasonable assumption to say that most businesses are prepared when it comes to business continuity planning. Most organisations have a plan and team in place should their business be affected by a power outage or fire, but what if your business was to experience a data breach incident? Would you be confident your organisation has the right team of experts and a comprehensive plan in place to allow you to efficiently and effectively respond, reassure and recover following a data breach?

With increasing numbers of UK businesses and their customers being affected by cybercrime and identity theft, no business is immune. Whether a business is small, medium or large – the business and their customers are all potential targets.

The first 24 hours after a data breach is discovered are critical, and the speed of response is of paramount importance. Defining a strong, capable team who can manage the complexities of a data breach is essential to mitigate damage to the organisation, and – crucially – those affected.  

Read our free step-by-step guide: Experian Data Breach Response Guide

So who are the six key experts you need on your data breach response team? 

1. Incident Leader - The Incident Leader will help you understand your legal obligations and play a key role in managing and coordinating the organisation’s overall response efforts and incident team. They’ll act as an intermediary between C-level executives and the team to report progress and keep everyone up to date and on track.
2. Executive Leader - Including your company’s key decision-makers as advisors to your data breach response team will ensure you have the necessary leadership, backing and resources to properly develop and test your readiness plan.
3. Information Technology & Security expert - Your IT and security experts are likely to lead the way in putting preventative measures in place, but not necessarily investigating an incident. Think about providing proactive incident response training and help them to safely manage infected machines, and determine a forensics agency that can support in identifying compromised data and delete hacker tools, whilst making progress and preserving essential evidence.
4. Legal & Privacy – The legal, privacy and compliance experts will help shape your data breach response plan and help minimise the risk of litigation and fines. They will play a crucial role in determining whether to notify affected individuals, the media, lawyers, regulatory bodies and other relevant third parties. They will play a key role in ensuring the business proactively determines the appropriate external legal representation and continually reviews the latest regulatory guidance.
5. Public Relations - Depending on the size of the data breach and industry, there may be a requirement to report the breach to the media and/or notify affected individuals. Your representative from your PR/communications department will determine the best tactical notification approach and handle the key facts about the data breach ensuring internal and external enquiries can be managed appropriately. They should also track and analyse media coverage quickly, responding to any negative press during and after an incident.
6. Customer Care & Human Resources - Data breaches may affect both your customers and your employees so pre determining a plan for setting up a data breach hotline will be of paramount importance. By creating simulation training for your Customer Service Representatives and Human Resources teams to demonstrate how their roles would change during a data breach will reassure and determine how they can manage enquiries efficiently and effectively.

Remember each and every member of the data breach response team will also need a backup person should they be unavailable during the breach period.

Ensure you have your ‘Customer First’ readiness plan in place so you can look to the future with confidence. Download our Data Breach Response Guide or find out how Experian can help you prepare www.experian.co.uk/databreach.

Did you find this post helpful? If so, please do 'share' and 'like'.

Research methodology: Survey conducted by ComRes, surveying 302 IT business decision-makers within small, medium-small and medium-large enterprises in January 2016, online and by telephone. All businesses held PII data for more than 100 customers or employees. ComRes also interviewed 2,008 British adults. Unless otherwise stated, all statistics relate to this research.