CEOs and senior executives do not get fired when their companies get hacked or experience a data breach event. They get fired for failing to implement and test regularly a clearly defined, strategic management response to their data-breach event.

Whenever I speak to business audiences I always say, "No company can ever prevent itself from experiencing a data breach event and no single resource has all of the answers.” The point is your company’s response and recovery strategy may be as important (or more important) than your current cybersecurity technology initiatives. Why? Because according to technology research company Gartner, the forecast for worldwide spending on information security will reach $76.9 billion this year. Grant Thornton, a global accounting advisory firm, reported the total estimated cost of cybersecurity attacks over the past 12 months is $315 billion.

Think about it, nearly $77 billion is spent on information security this year and yet the annual cost of cybersecurity attacks is an astonishing $315 billion and getting worse. While cybersecurity in general and preventing a data breach event in particular are one of the most difficult challenges in today’s workplace environment, the technology aspect is falling short and, frankly, has failed to live up to expectations. With high-profile hacking and data-breach events affecting every business sector including the top 10 banks, top 10 insurance companies and the three major credit bureaus – all of which have more financial and information technology resources than any other industry groups – what is the answer?

The answer is an information security and governance plan with an emphasis on response and recovery. I’m not saying to ignore technology such as security or penetration testing, managed services or information-technology outsourcing and access management. These are all critical resources in protecting your business and mitigating the risks of a cyberattack.

Step 1: Make an initial assessment during a cyberincident. During a cyberincident, your business immediately should assess the nature and scope of the data-breach event. The type of incident will determine the type of assistance you will need to respond and the type of damage and remedial efforts that may be required.

Step 2: Implement measures to minimize continuing damage. After your business knows whether the incident is an intentional cyberintrusion or an accidental release, determine next steps to stop ongoing damage and take steps to prevent it from happening again.

Step 3: Record and collect Information. Your business should immediately make a “forensic image” of the affected computers and/or a record of the data-breach event to preserve a record of the incident for later analysis and potentially for use as evidence at trial.

Step 4: Notify. Contact employees within the organization, affected individuals outside the organization and law enforcement if criminal activity is suspected. Also, know that 47 states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have notification laws in place to notify any individual whose personally identifiable information has been breached.

Mark's Most Important: Increase the odds of your business surviving a data-breach event with a strong, tested and dynamic response and recovery plan.

Mark Pribish is vice-president and ID-theft practice leader at Merchants Information Solutions Inc., an ID theft-background screening company based in Phoenix. Contact him at This email address is being protected from spambots. You need JavaScript enabled to view it..This email address is being protected from spambots. You need JavaScript enabled to view it. article was originally published on and republished with the author's permission.


ITRC Sponsors and Supporters 





Go to top


Need identity theft information on the go?

Download our ID Theft Help Mobile app.