Brokerage Ops the June 2013 issue

Q&A with Meredith Schnur

Data Breach? Don’t do this.
Posted on May 29, 2013

Investigate first before you announce anything.

What shouldn’t you do when a data breach occurs?
One of the worst mistakes we’ve seen over the past couple years is to immediately notify everybody when a breach occurs. We see a lot of that—first and foremost because they think they can take care of it as soon as possible to avoid any future damage to their reputation when they could be damaging their reputation more because they might not have to notify. You need to investigate first before you announce anything publicly.
What other problems do you see?
Many of our clients do not have a mature incident response team in place. This is a team made up of internal and external resources who are responsible in the event of a breach, just like any other disaster recovery type of plan. Oftentimes, the risk management department is not in the immediate “know” when a breach occurs. This makes it difficult when coordinating with insurance if the insured begins to incur breach-related costs. Lastly, most insureds check off the box that they have an incident response program, but they’ve never tested it. They should be doing that regularly. It’s going to happen. The more prepared they are, the less they’re going to spend, the less harm to their reputation and, in the long run, the less cost to their company.

More in Brokerage Ops

Don’t Be Risky
Brokerage Ops Don’t Be Risky
Here are three ways your client service talent strategy can supercharge (or sink...
Brokerage Ops Fearless Feedback
You can take the dread out of performance improvement conversations.
Building an Inclusive Workplace
Brokerage Ops Building an Inclusive Workplace
When you get serious about diversity in your company, you’ll need to train you...