Managing Data Breaches


01/2019

Reducing the risk

As with so many other risks, the best way to manage cyber risks like data breaches is to reduce the risk and exposure as much as possible. Reducing the risk protects a business and its customers and clients from having their data compromised, while reducing the exposure protects a business from the consequences of data breaches.

 

Reducing exposure is best accomplished by purchasing cyber liability insurance. Reducing the risk is best accomplished by implementing the security measures that best suit the business and the type of data being held. Unfortunately, there isn’t a global standard or a solution that suits all organisations.

 

Regardless of which security measures are chosen, it’s vital that security products and services be continuously monitored and kept up to date. Businesses must also take steps to ensure basic cyber safety practices are implemented. This includes measures like good password practices and employing data encryption where relevant. This won’t create a foolproof system that eliminates the risk of a data breach occurring, but it will significantly reduce the risk.

 

Responding to a data breach

In addition to implementing practices and procedures that prevent data breaches, a good data breach risk management strategy will include guidelines to follow in the event a breach does occur. Such guidelines should specify whether IT, PR, legal or other professionals need to be engaged, and should also cover protocols for:

 

  1. Containing a breach and limiting further damage

    including protocols for shutting down and preventing further access to a system that has been breached

  2. Assessing the risks associated with and impacts of a breach

    including the impacts on the business, such as whether compromised data will affect other business processes or relationships with third parties, and the impacts on the business’s customers, such as the number of people affected and the nature of the data that was compromised

  3. Reporting a breach

    who needs to be notified, when and how they should be notified and what information they need to be given

  4. Rectifying a breach

    including procedures for attempting to recover lost data and restarting compromised systems

  5. Assessing the effectiveness of the response and preventing future breaches

    including protocols for: determining whether criminal activity, human error or inadequate procedures contributed to the breach; evaluating any operational, policy, resource, employee or management issues that arose during the response to a breach; and modifying any procedures or behaviours that contributed to the breach

     

Summary

Managing cyber risks like data breaches requires an integrated approach designed to:

    •    prevent an attack

    •    limit the exposure

    •    respond to an incident in the event prevention fails

 

Watch the webinar, Getting your brain around cyber: A multi-faceted risk, for more tips on improving an organisation’s cyber resilience and insights into cyber trends.

No part of this article may be reproduced in any written, electronic, recording, or printed form without written permission of Chubb.

© 2022 Chubb. The contents of this document are for informative purposes only and do not constitute advice. Please review the full terms, conditions and exclusions of our policies to consider whether they are right for you. Coverage may be underwritten by one or more Chubb companies or our network partners. Not all coverages and services are available in all countries and territories. Chubb® and its respective logos, and Chubb. Insured.SM are protected trademarks of Chubb.
