The HUB Data Breach Response and Recovery Protocol
The scenario: You’ve been hacked.
Naturally, you’ll want to solve any issues yourself. The problem is, your best intentions may do more damage. Taking matters into your own hands can lead to a cyber claims denial, it can broaden the reach of your hack and it can ultimately create new exposures for your organization.
Even with a cyber insurance policy and a highly skilled in-house IT team, you will want to engage your insurance broker ASAP, to address the attack in its entirety.
From the first critical hours to the remainder of the breach, here’s what needs to happen: Within 5 hours of the breach, your broker should: engage an experienced privacy attorney who enlists a cyber forensics expert in data breaches under attorney/client privilege, all while a PR firm that specializes in cyber breaches unveils a campaign to mitigate the internal and external effects of the data privacy event that, had it gone undetected for another minute, could have wiped out your entire organization.
Handling dozens of cyber breaches from start to finish, HUB brokers will help minimize your downtime and reduce your upfront costs.
Putting Your Cyber Policy into Action
HOUR 1: As soon as you suspect something has gone wrong, calling your broker brings all the resources you’ll need directly to your fingertips – a privacy attorney, a cyber forensics expert, notification and credit monitoring as well as a PR firm whose job it is to maintain the reputation you’ve worked so hard to build. Your HUB broker reviews your cyber policy coverage and, together with you, calls the policy’s 800 number for cyber claims to initiate a claim.
HOUR 2: You’ll be on the phone with one of HUB’s vetted privacy attorneys to determine your next steps. This includes hiring a reputable cyber forensics expert to verify the when, how and why your breach occurred – even determining if your network is still infiltrated.
HOUR 3: You’ll have a forensic scope call with your new privacy attorney and the forensic experts. Having your privacy attorney hire the forensic expert on your behalf is a key move. It ensures that the entire forensic investigation remains under attorney client privilege and can’t be subpoenaed later by regulatory officials or a class action lawsuit that results from your data breach. It ensures that inexperienced IT personnel don’t access your already compromised network and come to false conclusions.
At the same time, depending on the scope of the event, your broker will hire an experienced PR firm to create messaging around your data breach, both focused on restoring faith with internal members of your staff as well as external clients, customer and vendors, as necessary.
5 DAYS+: Once the forensic report comes back – anywhere from five days to five weeks, depending on the scope of the breach – your privacy attorney will determine if personally identifiable information (PII) was exposed, requiring individual and/or regulatory notification, including HIPPA, the FCC and/or FTC as well as any number of states.
Where individual notification is necessary, organizations could have to comply with as many as 50 different states’ privacy laws, dictated by the breached individual’s residence. When this happens, your broker will engage a policy-approved, experienced notification call center to handle the barrage of necessary paperwork.
Going at a cyber breach alone is a sure way to dig your organization deeper into crisis. Working together with your HUB cyber broker from the first hour of crisis is a sure way to get yourself to the other side of a cyber breach safely – and as intact as possible.
Don’t have a cyber policy? Your HUB broker can still help.
While out of pocket costs are minimized when you have a cyber policy, your HUB broker can still help you remediate a data breach even without cyber coverage. This includes connecting you to a privacy attorney who will initiate a forensic investigation under attorney-client privilege, determining if you need to notify affected individuals and state or federal authorities.