A recent white paper from the cyber security team at Kroll says organizations cannot focus on regulatory requirements alone in shaping their security programs. “Opinion and expectations are shifting; accountability for actions or inactions related to personal data is taking on a whole new dimension . . . . What remains to be seen is whether organizations change the way data breaches are managed in order to head off consumer backlash, punitive costs and reputational damage . . . . Organizations must look beyond compliance fulfillment to effectively mitigate the risks associated with an individual breach and, if applicable, to break the cycle of ineffective breach response . . . . While it is true that breach response is fundamentally about making regulatory and budgetary decisions, this viewpoint tends to lead organizations to artificially limit their response to a very narrow aspect of a breach (i.e., notifying affected or concerned parties as required by law). To consistently ensure the organization reaches its most defensible position against negative effects of a breach, it is vital to define, compare, measure and predict the factors involved, as well as review all solutions that are available.”

Get Kroll’s white paper —  The Evolution of Data Breach Response Amid Growing Concerns and Expectations — at their website.  

Jennifer Rothstein, Kroll’s Director of Insurance Channel Management, is one of the chairs of this year’s NetDiligence Cyber Risk & Privacy Liability Forum, which takes place June 12-13 in Philadelphia. Register while there is still time and space!