Data Breach Response

Data Breach Requires Better Response Planning


Wannacry, Notpetya, Bad Rabbit — malware might have whimsical names, but there’s nothing cute about the consequences once they’re unleashed on technology infrastructures. Wannacry targeted numerous industries, including healthcare and automotive companies, and held more than 300,000 machines for ransom. Notpetya caused FedEx to lose $300 million. Bad Rabbit spread malware throughout Russia and beyond.

In the age of data breaches and cybercriminals, businesses and organizations are liable when hackers steal sensitive consumer and client information. Technology compliance standards have changed to reflect new levels of accountability. Since there’s currently no technology that can provide perfect defense against cyber-attacks, businesses should be prepared to manage the fall out in case of a data breach.

This article will outline key steps in building a data breach response plan that will help your business mitigate damage following a cyber-attack.

Data Breach Response Plan Essentials


  1. Determine How Vulnerable You Are to an Attack.

Determining businesses vulnerability to a data breach should be the first thing you research when devising a response plan. This step will give you a clearer picture of how much time, money, and effort should be put into a cyber-attack response strategy. Consider conducting a third-party penetration test to assess how well your current cybersecurity can repel and recover from cyber-attacks.

  1. Classify Data Assets.

Once you have evaluated your business’ security, bolstered any weak points, and assessed the likelihood of experiencing a data breach, consider the importance of your data assets. Classify your data assets in order of importance. Rate data assets as having either high, medium, or low value. This stratification will assist you in prioritizing the most urgent concerns during and after an attack.

  1. Assemble an Internal Team.

Companies with significant protected information should establish a breach evaluation and response team to guide the company’s actions following a breach of substantial protected information. The size of the team will depend on the geographic reach, sophistication, and data loss exposure of the company, but it should include legal counsel, an information technology manager, a human relations manager, an operations manager, and corporate communications personnel. At a minimum, the team should be tasked with:

  • Advising top management and corporate boards of key breach and response developments
  • Communicating internally to all employees that the potential breach has occurred
  • Tracking and meeting all applicable breach-related deadlines imposed by applicable law and vendor agreements
  • Making sure internal discussions and response plans are protected by attorney-client privilege to the greatest extent possible.
  1. Create an Action Item Checklist.

Well-crafted response plans for larger companies should include a checklist of prioritized action items to be completed immediately after the company learns of a potential significant data breach. Some key items include:

  • Recording the date and time the breach is discovered
  • Finalizing and activating both the internal and outside response teams for the type of breach
  • Establishing a secure perimeter around any equipment or systems believed to be part of a breach
  • Taking potentially compromised system off-line to avoid additional incursions
  • Conducting initial interviews of those with critical knowledge of the potential breach
  • Getting forensics personnel on site to make a secure copy of the affected systems
  • Beginning to discuss action items to be undertaken over the next day or days
  • Avoiding public statements until forensics determines an unauthorized incursion occurred. A false alarm can do serious and unnecessary harm to the company’s reputation
  1. Track Key Breach-Related Rights, Obligations and Deadlines.

While any well-constructed WISP should identify the key legal obligations, the company must meet under applicable state or federal laws, especially any deadlines for reporting or responding to potential breaches, the response should track all data security-related deadlines. This is particularly true for bilateral contract security provisions with your vendors that require additional data security-related notice, reporting, or task completion deadlines. These should be tracked so deadlines and obligations are not accidentally missed.



Cybercrime is not a fad. As technology advances, businesses must increase cybersecurity efforts while also taking accountability and compliance standards into consideration. Your business is responsible for sensitive client information once it’s in your hands. If you have more questions about building a data breach response plan, reach out to TCOR today.

It is our job to help you identify those areas that are most vulnerable to loss. We help you design an effective program to manage your total cost of risk (TCOR). This Risk Control Plan ™ helps minimize your exposures and protect your way of life. We’ll help you design a plan that suits your needs and offers you the best protection.


Despite our offices being closed to the general public, please know that we are operating and are fully functional. read more...

The coronavirus (COVID-19) has ushered in an unprecedented new reality with a far-reaching impact on families and businesses. Alliant remains steadfastly committed to serving as a pillar of strength and support for the valued clients and communities we serve. The health and safety of our employees and clients is of utmost importance to us.

Despite our offices being closed to the general public, please know that we are operating and are fully functional. We have encouraged our employees to work from home and continue to deliver the highest level of customer service with as little disruption as possible. As we continue to monitor and adapt to this everchanging situation, we will endeavor to keep you updated. The link below provides several resources for businesses owners and will be updated frequently.