While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals, according to Experian Data Breach Resolution.
“Preparing for a data breach has become much more complex over the last few years,” said Michael Bruemmer, VP at Experian Data Breach Resolution. “Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans.”
Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA), said: “The consequences of a medical data breach are wide-ranging, with devastating effects across the board – from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity; however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital.”
“The 72-hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation,” said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. “The upcoming EU law may just have the effect of expediting breach notification globally, although 72-hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations’ incident response plans should certainly be updated to account for these new laws set to go in effect in 2017.”
Omer Tene, Vice President of Research and Education for the International Association of Privacy Professionals, added: “Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks.”