SLIDE 1 October 16, 2019
Incident Response as a Team Sport: Emerging and Best Practices
Gerard Stegmaier, Reed Smith LLP
Neva DePalma, RadarFirst
Samuel S. Rubin, The Crypsis Group
SLIDE 2
Questions + Contact
- Gerard Stegmaier, Partner, Reed Smith LLP
- Neva DePalma, General Counsel, VP of Customer Success, RadarFirst
- Samuel S. Rubin, Vice President, The Crypsis Group
SLIDE 3 Incident Response as a Team Sport
A discussion on emerging trends at the intersections of law, forensics and tech-enabled response process
- What does the data say? A look at the current industry benchmarks on privacy incident response
- Cross-team collaboration discussion questions
- Q&A
SLIDE 4 Benchmarking Data for Incident Response
Industry Standards
About the Data:
- Date range for following data: 2017, 2018 and Jan-Jul of 2019
- All data has been anonymized
- Primary industries represented include financial services, healthcare, and insurance
SLIDE 5
Key Definitions
- Incident: Unauthorized disclosure of personal information where multi-factor risk assessment is performed to decide whether it is a breach
- External Incident: An incident caused by a 3rd party processor or service provider
- Breach: An incident that requires notification to impacted individuals
- Occurrence Date: Date the incident took place
- Discovery Date: Date the entity became aware of the incident
- Notify Date: Date of first notification to regulators or individuals
SLIDE 6
How Many Incidents are Notifiable?
Appropriate risk mitigation is crucial. With compliant multi-factor risk assessment you can avoid over-reporting.
SLIDE 7
How Many Incidents are Notifiable: Industry Breakout (2019)
SLIDE 8
Incident Category: Electronic, Paper, or Verbal/Visual
SLIDE 9
Disposition of Incident: Malicious, Inadvertent, Intentional?
- 2018: Unintentional / Inadvertent 96%, Intentional / not malicious 2.9%, Intentional / malicious 1.1%
- 2019: Unintentional / Inadvertent 96%, Intentional / not malicious 3%, Intentional / malicious 1%
The majority of incidents are unintentional or inadvertent.
Regardless, there is a legal obligation to justify the decision, as well as document and demonstrate consistent risk assessment.
SLIDE 10
Incident Source: Internal vs. External
SLIDE 11
Number of Individual Records Exposed per Incident
In 2019, 89.4% of incidents exposed only one individual record.
Over the course of a year, RadarFirst customers on average assessed incidents impacting individuals across 21 states.
SLIDE 12
Average Incident Response Lifecycle
2019 BakerHostetler Report:
- Occurrence to discovery = 66 days
- Discovery to notify = 56 days
SLIDE 13
IR Team Discussion Points
Challenges and Opportunities for Collaboration
SLIDE 14
How do your privacy, legal, and security teams work together? Or do they…?
SLIDE 15
What are key challenges in working cross-functionally?
SLIDE 16
How are you being proactive in addressing privacy concerns in your organization?
SLIDE 17
What is your yardstick for success?
SLIDE 18
Looking forward, what are your key initiatives to be “better together”?
SLIDE 19
Q&A