Throughout the business world, breaches have become a constant reminder of the critical need to assess and take action on cyberrisk. But they can also make addressing the issue seem like an ever more daunting task, leading many to either put off substantive measures or blindly buy the latest insurance or software to “take care” of the problem and move on.
“The biggest mistake companies make in the breach recovery process is just not being aware of the risk in the first place,” said John Mullen, managing partner at Lewis Brisbois Bisgaard & Smith LLP and chair of the firm’s data privacy and network security practice. “You would be amazed—I do up to 100 presentations a year, and at 80% of them, people still look at me like it’s the first time they have heard about it, and I have been doing this for over a decade. The people in the know are in the know, but there is an amazing amount of people who have no clue.”
There are countless ways a cyberbreach can unfold, and countless ways response can go wrong, but laying the strongest possible foundation ahead of time ultimately makes the difference between successful response and absolute disaster for a company that gets hacked or otherwise compromised. According to Mullen, a breach coach who reports that his firm sees a new breach case every business day of the year, “If you don’t do all of the prep stuff, you’ll never get response right.”