Throughout the business world, breaches have become a constant reminder of the critical need to assess and take action on cyberrisk. But they can also make addressing the issue seem like an ever more daunting task, leading many to either put off substantive measures or blindly buy the latest insurance or software to â€œtake careâ€ of the problem and move on.
â€œThe biggest mistake companies make in the breach recovery process is just not being aware of the risk in the first place,â€ said John Mullen, managing partner at Lewis Brisbois Bisgaard & Smith LLP and chair of the firmâ€™s data privacy and network security practice. â€œYou would be amazedâ€”I do up to 100 presentations a year, and at 80% of them, people still look at me like itâ€™s the first time they have heard about it, and I have been doing this for over a decade. The people in the know are in the know, but there is an amazing amount of people who have no clue.â€
There are countless ways a cyberbreach can unfold, and countless ways response can go wrong, but laying the strongest possible foundation ahead of time ultimately makes the difference between successful response and absolute disaster for a company that gets hacked or otherwise compromised. According to Mullen, a breach coach who reports that his firm sees a new breach case every business day of the year, â€œIf you donâ€™t do all of the prep stuff, youâ€™ll never get response right.â€