Filed Under:Risk Management, Cybersecurity

The 3 R’s to remedy a cyber breach

Having a proactive cybersecurity strategy is a company's best defense against a data breach. (Photo: iStock)
Having a proactive cybersecurity strategy is a company's best defense against a data breach. (Photo: iStock)

When hackers penetrate your public and private networks, it can lead to devastating consequences. A data breach can not only destroy a company's electronic data, it can also bankrupt a business.

The average data breach costs $4 million, according to a 2016 study from IBM. The study also reports that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased from $154 to $158 over the past year.

Related: Does traditional coverage apply when cyber attacks cause physical damage?

When it comes to the volume of attacks, the numbers are simply staggering. It is estimated over 900 million records of personally identifiable information (PII) have been stolen in the U.S. over the past few years, according to

Any company in any sector can be hacked. So what should business do if they are the latest victim of a breach? Having a proactive cybersecurity strategy is a company's best defense. Following these three essential R’s is a defense strategy that should be stored in every company’s first aid kit:

(Photo: iStock)

1. Recognize

Identifying the source of the incident is paramount to minimizing the resulting damage. Internal controls play a significant role in identifying a hacker’s point of entry.

Monitoring logs and access to networks is especially critical because this is where signs of a breach will likely turn up. Large file transfers that do not regularly occur could be a sign of a security incident, as could the slowing down of a usually large bandwidth network.

Related: 4 tips to sell more cyber liability policies to small businesses

(Photo: iStock)

2. React

A company’s incident response plan to unauthorized access should be able to cut off the access point, slow down the intruder, preserve the environment that has been compromised and speed up recovery. This can be accomplished through proactive monitoring, user training and a layered security approach.

Forensic analysis will likely be required to determine the full range of files compromised. If a company does not have the means to do a full forensic analysis internally, it should enlist the help of an outside provider experienced with cybersecurity risk mitigation. A third-party provider can reduce the risk that an unauthorized user still has access to a company’s electronic data and assist the company in taking the appropriate steps to prevent a similar event from occurring in the future.

Companies must also notify all affected parties. No matter what was accessed, companies will likely need to communicate information about the breach. It is rare to find a breach that does not involve additional regulatory requirements related to disseminating information about what happened. Many states have breach notification laws, and companies will need to consider which notification laws would apply to their case.

Related: Cyber coverage for businesses up 85 percent since 2011

Companies experiencing a breach may also be required to provide services that monitor credit reports and other information related to financial security to the individuals affected by the breach. This service would have to be provided for one to two years, depending on the severity of the incident.

The company will also be subject to payment card industry data security standard (PCI DSS) oversight. PCI DSS has four tiers of monitoring, with the first being the most stringent. Companies subject to Tier 1 PCI DSS monitoring will have to provide due diligence to demonstrate that the environment around the credit card information is secure. A company in possession of credit card data that have been breached is automatically held to the highest tier (Tier 1) requirements.

Compromised healthcare records will have to follow Health Insurance Portability and Accountability Act (HIPAA) regulations for breach notification. Compromised entities must notify the affected individuals and the Secretary of Health within 60 days of the breach. The organization may also have to notify media outlets, depending on the type of breach.

(Photo: iStock)

3. Recover

The regulatory environment surrounding the compromised data may require the implementation of long-term corrections. Both HIPAA and the PCI DSS will ask for monitoring and due diligence related to the security of their respective records. First priority goes to fixing the problems that led to the breach.

Companies that tie breaches back to their third party vendor should work with that company to understand what they are doing to prevent a similar event from occurring in the future. They should also discuss what the vendor can do to better secure data transferred between the two entities.

Related: 5 tips to avoid the dangers of public Wi-Fi

If the breach occurred through wireless access to the network, companies should consider strengthening encryption for wireless access, issuing unique user IDs and making passwords for access more complex. Breaches that resulted from lost or stolen devices may necessitate companies create a policy on when to remotely wipe devices.

Changes should not stop with the immediate problem that needs to be addressed. Cybersecurity is an ongoing process. Periodic cyber risk assessments can help identify emerging sources of vulnerability before they become targets of an attack. They can also assist with prioritizing your cyber risk procedures. Not every piece of data needs to be secured on the same level; it is not cost effective or reasonable, so companies should identify the information that holds the most value for their company or is subject to regulatory requirements. Consider intellectual property, financial information and other personally identifiable data and what can be done to secure these areas.

Related: 8 ways to improve cyber insurance

Christopher Roach is the National IT practice leader and a managing director in the Risk & Advisory Services practice for Cleveland, Ohio-based CBIZ, Inc. Roach can be reached at

Featured Video

Most Recent Videos

Video Library ››

Top Story

5 things to know about the NAIC's new cybersecurity model law

The NAIC's newly-adopted Insurance Data Security Model Law provides guidance for carriers, agents, brokers and their business partners.

Top Story

5 insurance advisor marketing mistakes to avoid

The right marketing tactics can help insurance agents and brokers reach their goals.

More Resources


eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.