top of page
  • kliebertlawfirm

A Data Breach Response Plan: Do You Really Need It?

One of the most important assets your business has is your data. You are responsible for protecting the data you have on your employees, your clients, and your customers. Not only is it an expectation, but it is legally required. To keep your business in compliance, you must adhere to all privacy regulations. This includes using the proper technologies to keep this information safe. Taking these measures can help strengthen and grow your business as customers and clients develop trust with your brand.

Regardless of the technology and privacy protections you have in place, no business is immune from a data breach. We see it time and again every year. Victims of data breaches over the last few years include companies like Equifax, Facebook, Grinder, Wawa, and Disney+. Victims also include small companies, with 21% of SMBs reporting a data breach between 2017 and 2019.

A data breach can hurt your business’ brand image. 46% of organizations suffer damage to their reputation and brand value following a data breach according to a Forbes Insights report. Additionally, a study commissioned by Centrify found that 65% of individuals whose information is involved in a data breach lose trust in the company whose system was breached. How your business decides to respond to a breach, however, can have a drastic impact on the ramifications of the breach. Rather than leave it to chance (or gut reaction), it’s always better to have a plan in place should your business ever be the victim of a data breach.

What is a Cyber Incident Response Plan?

Before we get into understanding what a data breach response plan is, we need to understand what a data breach is. This event is described as unauthorized access to information. A data breach may include access to a user or customer’s full name, email address, physical address, profile picture, financial information, or other sensitive information.

A data breach response plan, also called a cyber incident response plan, is essentially an outline of the steps to be taken to mitigate damage should a breach occur. It’s important to remember that a response plan is not used only in the event of a data breach, as one step in your response plan should be determining whether the incident resulted in a data breach. Prevention and planning is the best thing you can do to protect your business from the potentially catastrophic fallout of a data breach.

While every response plan is unique to the business for which it’s created, all plans should include at least the following information. The more specific your incident response plan is, the less you have to think about should you have to use it.

Specific Definition of a Breach

First, you must define what a security breach is for your company. In other words, identify the types of situations that would activate your response plan. You may have different plans for different definitions of a breach. For instance, minor breaches such as a phishing email may not trigger your full-blown response plan, but rather a modified version meant to identify whether further investigation is warranted.


Next, your plan should outline how your business will detect a security incident. This may be through automatic detection mechanisms, reports from employees, or reports from outside sources.

Identify Response Team

Determining the response team ahead of time can help your business respond to the situation both quickly and efficiently. In addition to identifying who will be a part of the response team, the plan should outline each team member’s role in the response. This step will help make sure the process goes smoothly should you become the victim of a cybercrime.

A successful response team will have members from all different departments of the business including IT, HR, communications, risk management, senior management, and legal. It will also consider whether external resources, such as forensics analysts, outside legal counsel, and insurance brokers should be involved.

Investigation, Containment, & Remediation

All security breaches are not created equal. An important part of your plan should be investigating the source of the breach and its effects to determine whether further action is necessary. If the breach is ongoing, this step might include taking action to contain the breach to prevent further damage. It should also include any action necessary to repair damage to your network.

Notifications & Communication

Every response plan should include a determination of your legal requirements in the wake of a breach. These requirements might mandate notice of the breach to your customers, employees, or regulators. You may also want to consider notifying law enforcement and your insurance carriers of the incident.


Finally, your team must practice the response plan before it is needed. Regular review of this plan with all members of the response team is important to keep the plan fresh in each team member’s mind. This will help minimize your response time, which in turn can help mitigate some of the damage that can be caused by a data breach. You should also review the plan at least annually (or when you make material changes to your business) so that any necessary updates can be made.

Benefits of a Data Breach Response Plan

Building a relationship of trust with a customer or client takes an investment of both time and money. However, a data breach can quickly break a client’s trust in your business and could permanently damage their brand loyalty. This is why you must act swiftly as soon as you discover there has been a breach.

If you do not already have a plan in place, you may inadvertently draw out the time it takes to stop the breach and start doing damage control. The longer it takes you to address the breach, the more your brand value will be damaged. Sadly, this damage can be severe and sometimes even irreversible.

On the other hand, if you have a data breach response plan, you will know exactly what to do when you discover a data breach. You’ll know who is responsible for each part of the plan and steps can be taken immediately to stop the breach. In turn, this can minimize the damage to your brand value.

Unfortunately, cyber-attacks are often targeted at small businesses. This is because small businesses are often more vulnerable than large corporations. This vulnerability comes from the fact that SMBs cannot afford a dedicated IT staff, they often have inadequate network security, and overall protection is lacking. Additionally, small businesses may not have backup storage to protect their data offsite.

A 2018 report states that 60% of small businesses close within six months of a cyber attack. Having a data breach response plan that helps you respond quickly to a data breach may just be the difference between keeping your business open or shutting shop.

Where to Start If You Need to Create a Data Breach Response Plan

Having a data breach response plan is essential for any small business, but the process of developing one can be overwhelming. Rather than try to wing it on your own, have an expert in your corner guiding you along the way. Working with Kliebert Law can help you develop the data breach response plan your small business needs. Contact Kate today!



bottom of page