New standards related to breach remediation are gaining traction and will have a greater impact on corporate data breach response.
Credit monitoring will no longer be the gold standard in breach remediation in 2014, as lawmakers, consumer advocates and the public at large continue to raise questions about the relevancy and thoroughness of this as a stand-alone solution and demand a more effective alternative. While no legal guidelines currently exist for consumer remediation, the FTC and states like California and Illinois are already offering guidance that suggests a risk-based approach to consumer remediation – one that matches remedy to individual risk based on the unique circumstances of a breach – will be the way of the future.
“The notion that credit monitoring is a panacea for all data breaches is misguided. When you couple the myriad types of sensitive information with the multitude of ways an identity can be stolen and used fraudulently, there are many instances where credit monitoring will not be helpful to a breach victim at all, including medical identity theft, criminal impersonation, employment and tax fraud, etc.,” said Brill. “That’s not to say that credit monitoring is useless because it’s a valuable tool when it aligns with the type of data exposed. Rather, companies will need to gain a better understanding of their actual breach risks, how the breach could actually affect their customers, and the best way to remedy those specific risks and provide better protection to the affected consumers.”
Kroll, a global leader in risk mitigation and response solutions, recently released its third annual Cyber Security Forecast, a prediction of the most significant cyber issues organizations will confront in 2014. The latest forecast highlights seven trends identified by Kroll and suggests that a changing tide in cyber standards, both social and legal, will require organizations to take stronger actions and put stronger safeguards in place to protect against reputational, financial and legal risks.