IT security commentators believe that most organizations have probably already experienced some form of data breach. For instance, a recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300 percent increase over the 1,000 daily attacks reported in 2015). The ongoing challenge is to overcome the different and emerging sources of security breaches and to install the right defenses to address areas of vulnerability.

This is also why companies need to be prepared and to shift to a paradigm of incident response. Compliance and privacy teams, in conjunction with internal audit, can help an organization move to a state of readiness against cyber-threats by promoting an environment in which potential breaches are anticipated and proactively addressed. Since it is unlikely that companies will ever be able to fully prevent a data breach, it would be wise to prepare in advance with a well-integrated response plan for managing such incidents. Boards should encourage management to have a well-established response plan in place for any cyber-attacks that may arise.