Television's true crime drama The First 48 always begins with the statement "For homicide detectives, the clock starts ticking the moment they are called. Their chance of solving a murder is cut in half if they don't get a lead within the first 48 hours." The idea is that the longer you wait to figure out who the adversary is, and to assess the damage from a crime, the harder it is to solve the crime, and prevent further attacks. Like murders, data security breaches and cyber-attacks leave a critical window of opportunity to respond. Often this window is 72 hours or less before serious costs begin to accrue.
In healthcare, where patient data is paramount and strict compliance measures are in place, having a sound incident response plan is critical. But healthcare organizations fall short many times in being able to respond to incidents quickly and effectively. In a recent HIIMSS survey of IT professionals in healthcare organizations, less than half of respondents reported that their organizations have tested data breach response plans; and more than half are still spending three percent or less of their overall IT budget on securing patient data. With advanced threats and theft or loss of data increasing, incident response plans allow organizations to limit the damage of a breach, contain it quickly, and reduce recovery time and costs.
In fact, a recent white paper by TechTarget quoted from the Ponemon Institute in its 2011 Cost of a Data Breach Study, "Outside consultants assisting with a breach response can save as much as $41 per compromised record." This equates to $1.2 million in savings (based on an average 28,349 records per breach) for a typical security incident, according to the institute. When it comes to incident response, oftentimes, as the old adage goes, "prevention is the best cure."