Don't Forget to Share this Post

Dealing with a Security Breach: Planning, Response & Resolution

By Kulvinder Gill | Thursday, April 5th, 2018

It’s no longer “what if” a security breach or cyber-attack occurs, but when and how it will occur. With recent data breaches such as, Saks, Lord & Taylor and Under Armour making headlines, it is imperative for firms to know what to do before a breach occurs and how to remain operational.

According to the 2017 Cost of Data Breach Study: Global Overviewed conducted by Ponemon Institute the average cost of a breach in 2013 came to $5.4 million and each year that number has risen, reaching new heights in 2017 at $7.35 million. 

Knowing there is a high chance for such an attack, the only way to be ready is to have a plan in place. There are three phases of Incident Response. The most important is the planning phase. Chances are your company will see some sort of attack this year, but the question is “when?” Here is a quick breakdown of these key phases on Incident Response.

Phase 1: Planning

To be prepared for a security breach or cyber-attack, you must first have a plan. A response plan should be completed in advance of any type of incident. Put together a team of internal staff (e.g. IT, Human Resources, Operations, Client Service, BCP) and external members (e.g. public relations, vendors, law enforcement) that may need to be contacted if the attack cannot be contained. By formulating a plan in advance, roles and responsibilities will be clearly defined and minimise the potential for fallout. Once the plan has been completed, it should be presented in writing and easy accessible during any attack.

Phase 2: Response

Perhaps the most critical phase is the actual Response phase (but keep in mind, the tone of this phase is set by whether your firm has a plan in place). The overall goal of the response is to keep the firm’s top priorities in mind: 

  • Ensure safety of staff

  • Fulfill key fiduciary responsibilities

  • Protect public/shareholders/investor

  • Resume business operations

  • Ensure financial losses will not exceed tolerance

  • Maintain forensic chain of custody

Phase 3: Resolution

The resolution phase allows the team to understand what occurred and devise a strategy to avoid a similar occurrence in the future. It’s critical to learn what factors may have caused the breach and, as a result, mitigate the risk of future events.

Want more information. Download our Critical Cybersecurity Threats & How to Prepare guidebook. 


This article has been updated and was originally published in January 2014.
Don't Forget to Share this Post

Related Posts

What Happens to Your Firm's IT Team When You Go Cloud?
Cybersecurity Threats and Must Have Tools to Secure Your Investment Firm
Seminar Recap: A Layered Approach to Security
How Cybersecurity Vulnerability Assessments Work for Investment Management Firms
Cloud Security Defined: The Required Safeguards Webinar Replay
20 Steps to Create a Cybersecurity Framework for Investment Management Firms

How Can Eze Castle Integration help you?Contact us today!

Contact Us