Updated: Jan 22
The importance of cybersecurity can rarely be understated. An organization who falls victim to a breach faces thousands or even millions of dollars in lost revenue and/or fines, customers compromised, and a sullied reputation—and that’s just the start.
But in an online world where the threat landscape is always changing, breaches do happen. So, almost as important as building a strong defensive posture, every organization in today’s business landscape must have a solid plan in place for responding swiftly and effectively in a worst-case scenario.
“Assisting our clients with cyber breaches is not new, but we have seen more clients come to us with cyber breach issues lately,” Amardeep Thandi, associate director at Control Risks, recently told me.
Indeed, experts across industries say that cyber risk is on the rise.
“Unfortunately, data breaches have become the norm, not the exception—and they exploded this year,” Jenna Aira-Ventrella, managing director at BDO, agreed.
What Happens Next
“It is a very stressful, time consuming, and costly event,” Jenna said, explaining the aftermath of a breach for her clients. There are a lot of steps to follow in responding, including investigation and containment, communications with regulators, data subject identification and notification, insurance claims, and more.
What this complexity means in practice is that targeted data collection, analysis, and review efforts become the central workflow to help response teams get their arms around what’s happened and what implications are in play.
“We begin by working alongside the client’s various stakeholders to immediately contain the environment, manage the crisis, and restore the business to a fully functioning state,” Amardeep said of his team’s standard operating procedure in these circumstances. “In tandem, we are busy performing data preservation and analysis to establish what systems have been accessed—and to what level—by the antagonists, working to identify the priority systems in terms of data risk exposure.”
And, when their clients’ organizations have international reach, the complexity of this process expands even further: “Our clients are often global with significant data estates, so traversing the vast volumes of data can be challenging to say the least. We also need to traverse regulatory obligations, combining analysis of data types with language analysis to determine the geographical route that data may take within the organization,” explained Control Risks Principal Joanne Fung.
“Across the board, it’s the disparate types of information competing against a ticking clock which makes a matter difficult,” Jenna said. “Each breach is unique; while there is parity across each matter—primarily the identification of PII, PHI, and other regulatory data—each client is impacted differently. The intent of a breach varies and the disruption to a business may be greater than potential PI exposure alone.”
In short, Jenna said, “you need a variety of skills and solutions to really understand and develop an early impact assessment and a comprehensive action plan.”
Why Time Is of the Essence
Naturally, organizations affected by a breach want to understand what’s happened as quickly as possible to aid in containment. But in many cases, they’re also beholden to doing so by regulators.
Regarding those requirements, Jenna noted, “industries vary, but there are guidelines to execute against.”
This is especially pertinent in instances where consumer data has been compromised.
“Identifying PII and commercially sensitive information is critical to establishing the risk exposure to our clients and, commonly, this is a race against the perpetrators,” Joanne explained. An added pressure is the fact that “regulators are becoming more stringent on deadlines for self-reporting requirements—and if those are not met, are becoming less forgiving in the level of fines being imposed.”
Sometimes, these efforts—with the help of professionals who have the know-how and technology that ensure more efficient, less frenzied workflows—can move quickly. In other instances, though, an attack may prove prolonged or difficult to trace.
“We have seen engagements that come and go within a few days,” Joanne added. “But in some cases, depending on the size of the potential breach, it could take months to first identify all the data sources, and then conduct the review, before we can formally and forensically advise our clients that the breach can be considered resolved.”
Beginning this investigation as quickly as possible is a critical component in minimizing exposure, understanding what business areas or data stores have been threatened, and crafting an appropriate response based on the organization’s legal and ethical obligations.
How Robust Best Practices Meet Agile Adaptability
One would hope, of course, that organizations fall victim to these breaches only once in a blue moon—or, preferably, never at all. But being inexperienced can mean being unprepared, so organizations who leverage the expertise of an outside partner will be better equipped to fill any gaps, perform damage control, and set things to right much sooner.
For the experts at BDO and Control Risks, offering those services means balancing two complimentary skill sets: a deep knowledge of the technical solutions and legal steps required in every case, as well as the agility and adaptability to understand what makes each case unique. The result of this combination is tailored workflows that accelerate resolutions and get a more detailed picture of the scope and exposures involved in every incident.
Both teams have chosen Relativity to foster those workflows.
“There is not one tool yet which allows you to complete all the necessary steps, so the value a tool like Relativity affords is the ability to integrate various solutions through their ecosystem partners and to develop and customize your own environment,” Jenna, from BDO, explained. Her team uses the platform to build matter-specific solutions that support each client’s needs. Then, they add their professional services to the mix to ensure a well-rounded resolution.
“All clients are looking to wrap up this painful and costly experience as soon as possible, but it’s not a one-size-fits-all response. The type, the scope, the depth, and the business impacts all need to be considered,” Jenna continued. “While there are regulatory and notification requirements for response, a matter is not necessarily resolved once that process has been completed. There could be reputational issues our crisis management team could be assisting with, there could be anticipated downstream litigation or arbitrations from third parties. We work with our clients to understand what their objectives are and execute accordingly.”
Control Risks’ Amardeep and Joanne also noted the importance of bespoke solutions and high-touch support in these cases. They added that, specifically, RelativityOne empowers them to do all of this without delay each and every time a client approaches them with a crisis.
“Relativity Analytics provides the most comprehensive and robust capabilities to work with our clients’ data, and allows our team to advise our clients in a timely and appropriate manner,” Joanne noted. “Furthermore, given the importance of ensuring and maintaining data security, the RelativityOne environment allows us to securely host and run analytics seamlessly across all of our environments in the US, Brazil, UK, Germany, South Africa, Hong Kong, China, and Australia.”
Both teams are helping clients through one of the most stressful experiences a modern organization can endure, with the level-headed attitude and extensive experience that can put out any fire.
Sam Bock is a member of the marketing team at Relativity, and serves as editor of The Relativity Blog.