Government Controllers Speak

Discover how government controllers are leading the state and federal governments out of the pandemic in FEI's ForwardThinking Q2 Series.

Strategy Grant Thornton

If You Haven't Begun Cybersecurity Incident Response Planning, is it Already Too Late?


Sponsored by Grant Thornton

The question is no longer whether we will be breached but when we will be breached. Cybersecurity is a C-suite and board-level issue requiring a comprehensive risk management strategy, intelligent investment and integration across the organization.

By now, most senior-level executives have heard that either you have had a data breach or you just don’t know that you’ve had a data breach. Cyberattacks are now as much a part of doing business as taxes and financial statements, and they are getting expensive. According to the 2015 U.S. Cost of a Data Breach Study by the Ponemon Institute, last year there was an 11% increase in the total cost of a data breach, to a $217 average per lost or stolen record. To be sure, those numbers are based on estimated costs of actual data loss incidents, not hypotheticals.

Today’s organizations face a sobering reality. The question is no longer whether we will be breached but when we will be breached. Cybersecurity is a C-suite and board-level issue requiring a comprehensive risk management strategy, intelligent investment and integration across the organization.

While the costs associated with a data breach continue to rise, there are established best practices that can mitigate some of those costs. The 2015 U.S. Cost of a Data Breach Study found that having an Incident Response (IR) plan and team in place, extensive use of encryption, business continuity management (BCM) involvement, chief information security officer (CISO) leadership, employee training, board-level involvement, and insurance protection are viewed as reducing the cost of a data breach. An IR team can decrease the average cost of a data breach from $217 to $193.2 (decrease = $23.8) per lost or stolen record. However, third-party error, a rush to notify, lost or stolen devices, and the engagement of external consultants to support the IR team response to a breach increased data breach cost.

When determined adversaries such as hacktivists, state-sponsored actors and organized criminal syndicates set their minds to finding a way inside, every organization with valuable digitized information is at risk of having its information assets breached and its critical assets compromised. Indeed, most organizations today would do well to expand their efforts to mitigate the consequences of inevitable breaches, which likely affect infrastructure systems and compromise key data such as personally identifiable information and confidential business information. A properly drafted IR plan guides the proactive planning and management necessary to effectively react to such breaches.

In an effort to support senior financial executives in their cybersecurity incident planning and response, Financial Executives Research Foundation (FERF) and Grant Thornton LLP have identified several essential areas for their consideration.

Clearly, having an IR plan and team in place, extensive use of encryption, BCM involvement, CISO leadership, employee training, board-level involvement, and insurance protection would all be considered best practices. These elements should be considered the foundation of a robust cybersecurity incident program. FERF, in cooperation with Grant Thornton LLP, spoke with several subject matter experts from a variety of fields to glean insights and recommendations for instituting an effective cybersecurity incident response program.

This report’s findings are based on in-depth interviews, conducted between August and September 2015, with 10 subject matter experts of various specializations, including legal, PR and communications, insurance, and IT security. The interviewees provided their perspectives on cyberrisk management strategies and best practices in cyberbreach response.

Download the full report here.