When that day comes (and if it hasn’t already, it will), when your business is hit by a major data-security incident, what plans do you have in place to mitigate the effect? An incident can of course be related to a virus, malware, hack or other threat, but many incidents occur as a result of something far more innocuous like poor user security management, accidental deletion, machine failure or natural disaster.
Many business owners and managers don’t even realise that they are required by law to have a plan for dealing with such incidents, but either way such a plan is a critical necessity in these times of ever more complex systems and distributed attack surfaces. Knowing how to deal with an incident properly can be the difference between continuing to function as normal and going bust, or at least having substantial fines levied against the organisation.
But incident response isn’t a back-of-a-cigarette-box undertaking. Good incident management takes more scrupulous planning than many are willing to invest, not least because it is often wrongly assumed that an incident will be too rare an occurrence to be of concern. Meanwhile, data breaches are occurring all the time in various forms, and they usually take everyone by surprise, leading to severe reputational damage.