Security Breaches: Who's In Charge?

June 24, 2011
There can be no doubt that security breach response is a critical compliance issue because the consequences of a botched security breach response can be catastrophic, including class action lawsuits, negative impact on stock price and, most importantly, damage to an organization's relationship with patients or customers. Despite the importance of these issues, many companies seem to have failed to clearly assign responsibility for security breach response, according to a recent survey conducted by Compuware Corp. and the Ponemon Institute. The study, entitled the 2008 Study on the Uncertainty of Data Breach Detection, surveyed more than 1,112 information technology practitioners in the United States, United Kingdom, France and Germany. Here are some of the findings of the survey that I found most interesting:

1. IT practitioners are not confident about their organization's ability to detect the loss or theft of sensitive or confidential information (10% were very confident, 34% were not confident and 18% were unsure).

2. IT practitioners are not very confident of their ability to learn all of the facts about a data breach.

3. Many organizations have not clearly defined who is responsible for data breach management. Over 43% of the IT practitioners reported that no one in their organization is responsible for data breach management. Another 23% were unsure who was responsible.

In order to effectively mitigate the risk of a security breach, the first crucial step is to define who in the organization is responsible for developing a security incident response plan. Not only should someone be given primary responsibility for this issue, but there should be an incident response planning team that includes relevant departments of the organization, which may include HR, public relations, legal, compliance, IT and (for public companies) investor relations. A major security breach can have an enormous and far-reaching impact on an organization, so it is imperative to have clear assignment of authority and an incident response team that is capable of quickly mobilizing appropriate resources throughout the organization. As the survey results suggest, if an organization has not clearly allocated responsibility for security breach response, then it may also experience difficulties in detecting and investigating breach incidents. For more information on the Compuware/Ponemon study, see the June 9 issue of BNA's Privacy & Security Law Report or contact The Ponemon Institute at [email protected].

There's an old poker saying that if you can't spot the mark at the table, then it's probably you. For IT and security professionals, the same may be true for security breach response. If you don't know who in your organization is responsible for managing security breach response, then it just might be you ....
