Early breach preparation can save costs as attacks grow
NASHVILLE, Tenn. – As the number of cyber breaches multiplies, organizations should have breach response teams and policies in place beforehand to save costs when their systems are compromised, a cyber insurance expert said.
“You don’t want to start figuring out who to hire — whether it be a lawyer or a forensics investigator — as you are sending the FBI guys out the door and thanking them for telling you about the breach,” said Robert Parisi, cyber product leader at Marsh L.L.C. in New York.
Forensic investigators and breach monitoring firms charge multiples of their normal charges when an organization approaches them in the immediate wake of a breach, he said during a session at the Claims and Litigation Management Alliance Conference in Nashville, Tennessee, on Thursday.
Breach response plans and arrangements with outside service providers should be set up well in advance, Mr. Parisi said.
As part of those plans, organizations should establish an incident response team, but that team should not include the most senior executive of the organization. Executives with large personalities may want to take over the response and deviate from the established plan, he said. “Have the plan, work the plan. That seems to be the best way to keep losses to a minimum.”
And the plans in place need to address a wider array of possible breaches as system security events evolve.
Several years ago, lost laptops were the main cause of breaches, said James E. Prendergast, a partner at Mullen Coughlin in Wayne, Pennsylvania.
But there has been such a growth in network compromises in recent years that there is now a wide variety of breach incidents to prepare for, he said.
For example, many companies used to deal with ransomware events by paying the ransom, receiving the key to unlock their systems from the hackers and then going back to business, Mr. Prendergast said.
Nowadays, ransomware attacks can be part of a wider attack where private information is also accessed by hackers, he said.
In addition, “the key used to be the key, but now sometimes the key comes with more viruses inside the key … so even something as simple as ransomware, eighteen months to two years ago usually came in one generic form and now it’s substantially more complicated,” Mr. Prendergast said.
CLM is a sister organization of Business Insurance.