On Monday we published our fourth annual Data Security Incident Response Report, which provides an analysis of the more than 560 cyber incidents handled by the team in 2017. Reflecting on the increasingly sophisticated nature of attacks, the aggressiveness by regulators in researching breaches and the expectations of highly developed responses, the report offers intelligence to help entities reduce their risk profile, build resilience, and be better prepared to respond when incidents occur.

While not all incidents can be prevented, there are measures entities can take to minimize their attack surface and reduce the frequency and severity of incidents. Equally important, given the increase in attacks intended to disrupt operations, is a focus on building cyber resilience for an agile response. It can be hard to know where to begin, especially in an environment of constant change – but taking steps to proactively address these issues is what we call being Compromise Ready.

Our goal in publishing this Report is to offer practical steps you can take to reduce your risk profile, build resilience, and be better prepared to respond when an incident occurs. The data and experience behind the recommendations come from our work on more than 2,500 incidents in years past. Just as security teams use threat intelligence to prevent attacks, we hope you will use the Compromise Response Intelligence from this Report to prioritize and gain executive support for security spending, educate key stakeholders, fine-tune incident response plans, work more efficiently with forensic firms, assess and reduce risk, build scenarios for tabletop exercises, and determine cyber liability insurance needs.

We will post expanded thoughts on key sections from the report on this blog in coming weeks.

Theodore J. Kobus III

Ted Kobus is national co-leader of the firm’s Privacy and Data Protection team and focuses his practice in the areas of privacy, data breaches, social media and intellectual property. Prior to joining BakerHostetler, Ted served as head of the Technology, Media and Intellectual Property and Privacy and Data Security practices at another law firm.

Ted advises clients, trade groups and organizations regarding data security and privacy risk management, breaches, response strategies, litigation and regulatory actions affecting organizations. He has counseled clients involved in significant breaches implicating state and federal laws, international laws and other regulations and requirements, including HITECH, the Massachusetts Data Privacy Law, California privacy laws (including the California Department of Public Health Law), Connecticut Insurance Department regulations, Puerto Rico’s Citizen Information on Data Banks Security Act, Mexico’s Data Protection Law, Canada’s data privacy requirements and PCI/CISP requirements. He has dealt with Offices of Attorneys General, state insurance departments, Office of Civil Rights (OCR)/Health and Human Services (HHS), Secret Service, FBI and local police and forensics professionals as part of their handling of data breaches.