Preparing for the aftermath of a data breach

Traits companies should look for in their go-to breach response partners

I’m pleased to say that security executives have made some serious headway with educating their colleagues on data breach preparedness. With the help of heightened awareness on the subject from recent, highly-publicized data breaches, now most C-suite executives are on board with prioritizing a data breach response plan in order to be prepared for the inevitable. This means companies are also allocating more funds to external partners in the forensics, legal, data breach resolution services and public relations area to help them prepare and handle a data breach.

One key component in preparing a data breach response plan that is often overlooked is identifying partners ahead of time and securing pre-breach agreement contracts. Having a contract in advance of a security incident ever occurring will lock-in negotiated pricing, as well as provide the opportunity for greater alignment and quicker activation when called upon to assist with a breach.

Unfortunately, choosing the right partner can be difficult as there has been a flood of suppliers entering the space. Wait until an issue happens, and many companies find themselves in the unfortunate position of taking on whoever is easiest (or lowest costing) to retain versus best for the job, which can lead to significant risk when managing a breach.

While the right data breach partners vary for every organization’s unique needs, there are several key traits an organization should look for. When identifying and vetting third-party partners – regardless of the specialty, from legal and forensics to public relations agencies – it is important to evaluate if they have specific experience dealing with data breach incidents, understand the unique needs of the organization’s industry sector, and are technically savvy enough to know how different types of breaches occur. In the retail sector for example, an organization should ensure their vendors have evaluated recent payments breaches and have the ability to plan for a similar scenario.

Consider whether partners will have chemistry with each other and your company’s culture as well, understanding they’ll likely act as an extension of the core response team. If the vendors you identify have worked together on data breaches in the past, this can also encourage smoother collaboration across teams.

After ensuring prospective partners meet these universal needs, there are additional nuances to consider for each specialty.


Legal partners, for instance, should preferably have an established relationship with local regulatory entities such as the state attorney general to help bridge the gap when communicating with them following a breach. Further, they should have an understanding and be able to provide guidance on what to disclose that will avoid creating unneeded litigation risks based on the latest developments in case law. They should also have a working understanding of public relations and the forensics investigations process to help ensure that anything recorded and documented by an organization balances the need for transparency and detail without creating legal risk.


Similarly, forensics partners need to have the ability to clearly translate technical investigations into what the enterprise risk implications are of a data breach for decision-makers within the organization. If this trait is not there, often key pieces of information can get lost in translation and cause significant confusion. To identify this trait, look for candidates that have previous legal or government experience; essentially anyone essentially anyone who understands that a breach is not just a security issue but also an enterprise risk issue.

Breach Resolution

This content continues onto the next page...