Potential Litigation
Failure #4: Not thinking about response through the lens of potential litigation.
Even with 81 percent of companies having a response plan, 72 percent of security officers do not think their organization’s plan would be effective in reducing the likelihood of lawsuits (Ponemon Institute). As the legal backdrop around data security continues to evolve, these concerns are not unfounded. Recent legal cases provide plaintiffs with more standing, therefore opening up companies to a greater risk for litigation and settlements. For example, in the P.F. Chang Class Action Suit the court ruled that the plaintiffs had standing since P.F. Chang’s statements following the breach suggested customers take protective remediation measures, such as monitoring their credit, inferring that customers were at risk of identity theft or fraud.
Closely monitoring actions taken by attorneys general and new case law can help companies as they continue to build their incident response plan.