5 steps to manage a data breach
5 steps to manage a data breach
When a data breach happens, businesses have a lot to lose. IBM’s global Cost of a Data Breach report found that in 2020, companies spent an average of US$3.86 million per breach. The costs include time and effort dealing with the breach, lost revenue due to system downtime, reputation losses, regulatory fines, and legal costs1.
While many companies work hard to ensure their data security is tight, cyber criminals are notorious for being one step ahead. That means it’s vital to be prepared for “when” a data breach happens, not “if.” To manage data breaches, battle-ready businesses will want to put together a dedicated response team and implement their own plan of attack. Here are five steps to include in the plan:
Identify how the breach happened and what was leaked.
First, you need to determine how the attack took place and what data was affected, which can be done using root-cause analysis and forensics2. Common causes of data breaches include stolen or weak passwords, application vulnerabilities, malware, employee error, and malicious internal acts. By identifying the root cause of the breach and investigating what was leaked, you’ll be able to carry out the next steps more effectively 3,4.
Contain the breach.
Take steps to contain the breach in as short a time as possible to minimize further damage and risk. An effective course of action is: stopping the unauthorized practice; shutting the system down that was breached; changing passwords immediately; limiting access of individuals suspected of causing the breach; recovering the records; and correcting weaknesses in physical or electronic security5,6.
Notify those affected.
Notify your customers, business partners, vendors, or other parties whose data was affected by the breach. Include the date of the breach; details on what was compromised; and what action, if any, the recipient needs to take7.
Not only do you need to notify individuals of any breach of the security of safeguards involving their personal information, but if the breach is believed to be of “significant harm”, your organization must also report the breach to the Privacy Commissioner of Canada8.
The Personal Information Protection and Electronic Documents Act (PIPEDA) defines “significant harm” to include bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property9. Notification to impacted individuals and the Privacy Commissioner should take place as soon as possible when the organization determines a breach has occurred.
Whether you’re notifying vendors and customers, or the media (if that’s necessary), be open and sincere, describe solutions for affected users, and explain how you’re preventing similar issues from happening again8,10. Keep in mind: you may also need to report the breach to authorities, depending on the specific circumstances of the breach11.
Conduct a security audit.
Managing a data breach doesn’t stop once you’ve patched things up. A smart next step is to conduct a data-security audit, which allows you to identify threats and vulnerabilities in your company’s IT infrastructure and security systems. The steps in an audit generally include: establishing the scope of the audit; creating a master list of all the assets that require protection; defining threats to your data; assessing the risk of each threat; and creating a list of security measures you need to implement9,12 .
Prepare for future attacks.
If your company is attacked once, there’s a strong possibility it will happen again, as cyber criminals are enticed to try again if they’ve already succeeded13. The vulnerabilities uncovered in your security audit will help you put the right data-security systems and procedures in place, whether it’s performing better data backups, conducting cyber-security awareness training, or acquiring more appropriate security technology14.
As you firm up your data-security measures, consider your insurance coverage as a critical component in your plan. Some insurers even offer breach preparation and crisis management services. Contact your broker and ensure you’re properly covered in the event of a data breach or other cyber-attack.
1 “Cost of a Data Breach Report 2020,” IBM Security and Ponemon Institute, July 2020
2,3 “Data breach experts share the most important next step you should take after a data breach in 2019 & beyond,” Digital Guardian, Aug. 11, 2020
4 “Digging in: Why root cause analysis is crucial in IR,” Avertium,” July 17, 2020
5 “Data breaches: Why and how to handle the attack,” TechAeris, Dec. 15, 2020
6 “Preventing and responding to a privacy breach,” Office of the Privacy Commissioner of Canada, Sept. 2018
7 “Top 5 ways to handle a data breach,” SecurityTrails, Nov. 27, 2018
8,9 Office of the Privacy Commissioner of Canada. (2018, October 29). What you need to know about mandatory reporting of breaches of security safeguards. Retrieved February 05, 2021,
10 “Data breach experts share the most important next step you should take after a data breach in 2019 & beyond,” Digital Guardian, Aug. 11, 2020
11,12 “What you need to know about mandatory reporting of breaches of security safeguards,” Office of the Privacy Commissioner of Canada, Oct. 2018
13 “4 easy steps how to conduct IT security audit of your own company,” SmartDataCollective, May 22, 2017
14 “Avoid security breaches: How to protect your data,” Computer World, April 1, 2020