Given the likelihood of a cyber incident involving PII, it is paramount for an organization to spend the time and resources required to develop an intervention response Plan (Cyber Security Incident Response Plan or CSIRP) in order to be prepared to mitigate as much as possible the risks inherent thereto.
Once the plan has been drafted, the individual members of the organization’s Cyber Security Incident Response Team (CSIRT) will be designated and called upon once or twice a year to participate in data breach simulations according to likely scenarios in order to sharpen their skills and improve the plan, as the case may be.
This level of preparedness often constitutes an important consideration when an organization seeks to subscribe to cyber-insurance products both for eligibility and affordable insurance premiums. As a result, the availability of a response plan can play an important role within a risk management strategy as it enhances the capacity of an entity to anticipate, react and recover from a data breach. Failing to do so may expose the organization to compliance issues as well as aggravated operational, liability and reputational risks.
With its experience as General Counsel, DUBÉ LATREILLE is ready to assist your organization both in preparing for and in responding to a data breach.