Most organizations today have breach response plans. But far too few test these plans before an incident occurs. Experts Michael Bruemmer and Ronald Raether discuss the essentials of breach response.
Testing a plan is just one necessary element. Communication with all stakeholders is also commonly overlooked.
In a video interview about breach response strategies, Bruemmer and Raether discuss:
Essential elements of a breach response plan;
The emerging role of the cyber insurer;
Key technologies and the roles they play.
It could be a distributed-denial-of-service attack against your organization, a breach of one of your third-party vendors, or perhaps one of your trusted employees has lost or had stolen a mobile device containing personally identifiable information.
Whatever the scenario, data breaches are increasingly common for organizations in all industries.
And while technology solutions for breach detection are growing more sophisticated, the strategic elements of breach response are not keeping pace, experts say.
Too often, breach response plans are left untested - until there is an incident. Often the strategies are not even communicated to all the stakeholders who need to be a part of the plan. That, or the plans fail to account for critical third-party vendors and their roles.
In this exclusive video interview, two prominent breach response experts discuss what's missing in today's breach response strategies. Michael Bruemmer of Experian Data Breach Resolution talks about the lapses he commonly sees after real-world incidents. And attorney Ronald Raether covers the legal aspects that are most often overlooked.
Michael Bruemmer is Vice President, Experian® Data Breach Resolution at Experian Consumer Services, the leading provider of online consumer credit reports, credit scores, credit monitoring, other credit-related information, and protection products. With more than 25 years in the industry, Michael brings a wealth of knowledge related to business operations and development in the identity theft and fraud resolution space where he has educated businesses of all sizes and sectors through pre-breach and breach response planning and delivery, including notification, call center and identity protection services.
Ron Raether leads the Cybersecurity, Information Governance and Privacy practice and is a partner in the Consumer Financial Services practice group at Troutman Pepper. Ron is known as the interpreter between businesses and information technology, and has assisted companies in navigating federal and state privacy laws for over twenty years. Ron's understanding of technology led him to be involved in legal issues that cross normal law firm boundaries, including experience with data security, data privacy, patent, antitrust, and licensing and contracts. This experience allows Ron to bring a fresh and creative perspective to data compliance issues with the knowledge and historical perspective of an industry veteran.
Ron's involvement in seminal data compliance and data use cases has helped define current standards in several areas of the law. He assisted one of the first companies required to provide notice of a data breach and has since successfully defended companies in hundreds of class actions and regulatory investigations. Ron represents clients in a broad range of technology and data privacy matters including data aggregation and analytics, mobile applications, de-identification/anonymization, including correlating data from multiple connected devices, "connected-things (IoT)," electronic crash- and consumer-reporting systems, and payment technologies. Ron also advises on pre- and post-incident compliance concerns ranging from the development of incident response plans and workflows, guiding clients through immediate forensic investigations, coordinating initial crisis management, which includes navigating clients through the maze of state and federal notification requirements, addressing post-incident aftermath, and responding to regulatory inquiries. Balancing privacy, cyber security and business functionality, Ron's approach to data governance is uniquely designed with the industry in mind as it adapts to the ever-evolving technological and legal landscape.