Incident Response as a Team Sport: Emerging and Best Practices (2019-10-14)
TRANSCRIPT
October 16, 2019
Incident Response as a Team Sport: Emerging and Best Practices
Gerard Stegmaier, Reed Smith LLP
Neva DePalma, RadarFirst
Samuel S. Rubin, The Crypsis Group
Questions + Contact
Gerard Stegmaier, Partner, Reed Smith LLP
Neva DePalma, General Counsel and VP of Customer Success, RadarFirst
Samuel S. Rubin, Vice President, The Crypsis Group
Incident Response as a Team Sport
• Purpose of session: a discussion on emerging trends at the intersection of law, forensics and tech-enabled response processes
• Agenda:
  ● What does the data say? A look at current industry benchmarks on privacy incident response
  ● Cross-team collaboration discussion questions
  ● Q&A
Benchmarking Data for Incident Response: Industry Standards
About the data:
● Date range for the following data: 2017, 2018 and January–July 2019
● All data has been anonymized
● Primary industries represented include financial services, healthcare, and insurance
Key Definitions
Incident: An unauthorized disclosure of personal information; a multi-factor risk assessment is performed on each incident to decide whether it is a breach
External Incident: An incident caused by a third-party processor or service provider
Breach: An incident that requires notification to impacted individuals
Occurrence Date: Date the incident took place
Discovery Date: Date the entity became aware of the incident
Notify Date: Date of first notification to regulators or individuals
How Many Incidents are Notifiable?
Appropriate risk mitigation is crucial.
With a compliant multi-factor risk assessment you can avoid over-reporting.
How Many Incidents are Notifiable: Industry Breakout (2019)
Incident Category: Electronic, Paper, or Verbal/Visual
Disposition of Incident: Malicious, Inadvertent, Intentional?

Year   Unintentional / Inadvertent   Intentional / not malicious   Intentional / malicious
2018   96%                           2.9%                          1.1%
2019   96%                           3%                            1%

The majority of incidents are unintentional or inadvertent.
Regardless, there is a legal obligation to justify the notification decision, and to document and demonstrate a consistent risk assessment.
Incident Source: Internal vs. External
Number of Individual Records Exposed per Incident
In 2019, 89.4% of incidents exposed only one individual record.
Over the course of a year, RadarFirst customers on average assessed incidents impacting individuals across 21 states.
Average Incident Response Lifecycle
2019 BakerHostetler Report:
Occurrence to discovery = 66 days
Discovery to notify = 56 days
IR Team Discussion Points: Challenges and Opportunities for Collaboration
How do your privacy, legal, and security teams work together? Or do they…?
What are key challenges in working cross-functionally?
How are you being proactive in addressing privacy concerns in your organization?
What is your yardstick for success?
Looking forward, what are your key initiatives to be “better together”?
Q&A