After suffering a data exposure of at least 13 GB of customer information covering 117,000 accounts, the actions of one of the UK’s largest motoring associations provide a great insight into the importance of incident response.
An initial incorrect assessment of the event’s severity, coupled with accusations from the security community that the company was downplaying the incident and speculation about a deliberate 'cover-up', forces the company to backtrack on its published official stance.
The senior management team are then forced to step in and personally incident-manage the situation, directly apologising to customers, emailing journalists and the security community to allay fears as to their intentions and to limit the backlash.
For organisations grappling with GDPR and wishing to understand how best to structure their incident response plans, this less-than-optimal example provides great insights into the areas that will require the greatest resources and management focus.