"When you think about what else cyber insurance can do for you, the operational side is just as important as the financial side," said Bo Holland, CEO of AllClear ID.
cited the response of Target
to its 2013 data breach - the retailer had the financial ability to respond, but it didn't have a plan in place, leading to loss of customer confidence, lawsuits, and brand damage.
Organizations need "defined, understood, and practiced" response plans, he
Insurers can facilitate those relationships with vendors, but it's up to individual businesses to engage with them, Holland
"The stakes are so high these days," he
compared breach response to a new product launch - something most businesses would understand in terms of the time needed to prepare, the message to be sent, and the organizational awareness for all involved employees.
However, breached organizations must respond within a few days to the public.
"It helps people get their minds in the right place," said Holland