Sunday, May 19, 2013

Key Questions for Data Breach Prevention


The Online Trust Alliance (OTA) recently released the 2011 Data Breach Incident Readiness Guide, a comprehensive guide outlining key questions and recommendations to help businesses in breach prevention and incident management.

OTA has expanded its annual report to address the emerging security and privacy threats impacting businesses in a world of increasing levels of data breaches, accidental data losses and incidents of users’ privacy being compromised.

OTA advocates that all businesses create an incident response plan and be prepared for the likelihood they will experience a breach or data loss in the future.  According to the OTA, breaches happen, and often at the worst of times. A well-designed plan can go some way to mitigate the effects and increasingly forms an essential part of regulatory compliance. It demonstrates that a firm or organization is willing to take reasonable steps to protect data from abuse and is simply good business.  Developing a plan can help to minimize risk to consumers, business partners and stockholders, while increasing brand protection and the long-term viability of a business.

According to OTA's press release, few events can damage a company’s reputation and consumer trust more than the loss, misuse or breach of personal and sensitive data.  In the past 5 years, it is estimated over 525 million records containing sensitive personal information have been compromised due to breaches.  Such incidents not only harm a company’s brand, but typically increase scrutiny and liability exposure, which risks impacting a business’s bottom line.  According to the 2009 Cost of Data Breach Report published by the Ponemon Institute, data breach incidents cost U.S. companies $204 per compromised customer record with an average per-incident cost of $6.75 million.

Directly related to data security breaches is the impact on key operations which may result from criminals changing passwords, deleting key files and/or loss of physical property impacting business continuity.  Planning for incidents and physical disaster helps to identify exposure from internal and external threats.  Synthesizing hard and soft assets can help provide effective prevention, recovery and system integrity. In addition to cyber-attacks, employee theft and accidents, related incidents include fires, earthquakes and power outages, which are proving to be critical scenario planning requirements.

Incident planning incorporates both data breaches and disaster planning as a part of an organization’s learning effort that helps reduce operational risks, improve information security and corporate reputation risk management practices.  Not unlike training first responders for a physical incident, data managers and cyber responders must be trained, equipped and empowered.  Planning is the key to maintaining online trust and the vitality of the Internet, while helping to ensure the continuity of business.

According to the OTA’s 2011 Data Breach Incident Readiness Guide, the true test for organizations and businesses should be the ability to answer key questions such as:

  • Do you know what sensitive information is maintained by your company, where it is stored and how it is kept secure?
  • Do you have an incident response team in place ready to respond 24/7?
  • Are management teams aware of security, privacy and regulatory requirements related specifically to your business?
  • Have you completed an audit of all data collection activities, including cloud services, mobile devices and outsourced services?
  • Are you prepared to communicate to customers, partners and stockholders in the event of a breach or data loss incident?

Download a copy of this comprehensive data breach incident guide here or visit the Online Trust Alliance website.
