Client Alert: New Year Means Time to Revisit Your Data Incident Response Plan
As we begin the New Year, it’s time to re-visit and update your data incident response plan. Companies subject to the Payment Card Industry Data Security Standard (PCI-DSS) are required to do so to ensure compliance. Even for companies not subject to PCI-DSS, having an incident response plan in place is recommended, as it will greatly assist in investigating and responding to suspected or actual cyber attacks in a consistent and efficient manner. Cyber insurers, regulators, and even your company’s board of directors may also require that your company develop and regularly update its incident response plan to address evolving cyber threats.
To jump into the New Year with confidence, consider scheduling a Vorys incident response tabletop training. These trainings evaluate your organization’s ability to effectively execute its incident response plan by simulating a real-world data security incident. The benefits of the exercise are many, including reviewing your plan in a real-world incident, preparing members of executive management for their responsibilities under the plan, and identifying and closing any gaps and bottlenecks that are discovered. These tabletop exercises are a modest commitment in terms of time, costs, and resources, while at the same time are a good way to familiarize key stakeholders with their roles and responsibilities, as well as to encourage team building. If your organization is subject to PCI-DSS, the tabletop can satisfy the requirements to annually test your incident response plan. Click here to see Vorys’ incident response tabletop training offerings that can be customized for your organization.
Updating your incident response plan is important and can help protect your company in the event of a suspected cyber attack or breach. For any questions or to schedule your tabletop session, please contact John Landolfi or your Vorys attorney.