The Ponemon Institute’s 2017 study on the cost of a data breach showed companies have a one in four chance of experiencing such a breach within a two-year period. In my experience working in the cybersecurity industry, I’ve seen the damage a breach can inflict firsthand. And unfortunately, this unsettling trend will continue for the foreseeable future.

Far too often, companies are more concerned about the incident itself: How did it come to fruition? How long will it last? Where did it start? The questions are seemingly endless. While these are valid concerns, the breach is only the beginning of the trouble.

It’s what happens after a data breach that causes most companies to falter. The extent of the damage largely depends on the organization’s preparedness level. According to the Ponemon study, one of the most effective ways to reduce the cost of a data breach is to implement a cybersecurity incident response plan (CSIRP).

GDPR Regulations Impact the Cost of a Data Breach

The General Data Protection Regulation (GDPR), which goes into effect on May 25, requires companies to notify users of a data breach within 72 hours. With significant financial penalties at stake, it is even more critical to develop and test your CSIRP before a breach occurs. When you’re dealing with your company’s brand and reputation, the worst time to find out your CSIRP is flawed is in the middle of an emergency.

A CSIRP is a road map to guide your response to a cyberattack:

  • It defines the roles and responsibilities of all respondents.
  • It determines who is authorized to make major decisions.
  • It outlines communication flows and notification procedures pertaining to GDPR.

A comprehensive CSIRP — that is regularly tested and updated — can help incident response teams save valuable time and resources in the event of a breach.

Learn more about intelligent threat prevention and incident response

Building a CSIRP to Contain the Damage of a Breach

The IBM X-Force Incident Response and Intelligence Services (IRIS) team has worked with hundreds of clients to prepare for and respond to security incidents. IRIS consultants have found that nearly 50 percent of the CSIRPs they’ve evaluated show no evidence of a formal document life cycle or a history of continual revisions.

IRIS experts are noted for investigating some of the world’s top security incidents. In helping clients respond to declared incidents, these experts have observed what works well in a CSIRP — and what doesn’t. IRIS can help clients evaluate and improve an existing CSIRP or build a custom plan from the ground up. It can also help security leaders develop custom tabletop exercises to test their strategy.

In the event of an incident, it’s critical to answer three key questions: What has happened? What data have the attackers accessed? How can the damage be quickly contained and remediated? A robust incident response plan is absolutely crucial for getting these answers — especially given the strict data privacy regulations coming into effect this year.

Learn more about intelligent threat prevention and incident response

More from Incident Response

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today