The Challenge of Cyber Incident Response – Beat the Clock, with Accuracy

Once a company recognizes it had a cyber incident, the clock starts and it’s a rather unforgiving taskmaster.

The insurance companies, law firms and cyber/computer forensics consultants retained to assist compromised entities often have as little as 45 days to notify affected people about the incident. If really in a pinch, a short extension can be requested in court, but it’s still not a lot of time, especially when dealing with thousands of affected records. Fully responding within this timeframe is a tall order, given that each person whose data was impacted may have had a different mixture of personal identification and health data exposed by the incident.