According to a recent study, an alarming number of companies don’t have an established strategy in place for informing the public of a security breach. EY’s latest Global Information Security report revealed that while half of the 1,735 companies surveyed were confident in their ability to detect an attack, 42 percent wouldn’t have an official communication plan to rely on if one were to happen.
In a recent CNBC interview, Paul van Kessel, global cybersecurity lead at EY, explained why breach reporting requirements are so important and how even the most sophisticated organizations are at risk of sustaining a cyberattack. Whether an attack occurs or not, it’s important that companies are prepared to be transparent with their customers and stakeholders, as well as the general public. As a matter of fact, new regulations like the European Union’s General Data Protection Regulation will make speedy and responsible disclosure a requirement for businesses in the coming years.
“In a climate where there is a high likelihood of data breaches occurring – which are often unavoidable, it is surprising that many have not put in sufficient planning to manage communications post breach. As we have seen in the past, how companies respond to data breach events will be judged equally or higher than the breach event itself,” says Paul van Kessel.
Read more about post-breach communications on CNBC.