Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Similar documents
Are we breached? Deloitte's Cyber Threat Hunting

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

Emerging Technologies The risks they pose to your organisations

Multi-factor authentication enrollment guide for Deloitte client or business partner user

Achieving effective risk management and continuous compliance with Deloitte and SAP

Cyber Security is it a boardroom issue?

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

Vulnerability Management. June Risk Advisory

Deloitte Discovery Caribbean & Bermuda Countries Guide

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

The New Healthcare Economy is rising up

Anticipating the wider business impact of a cyber breach in the health care industry

Real estate predictions 2017 What changes lie ahead?

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.

BHConsulting. Your trusted cybersecurity partner

CYBER INSURANCE: MANAGING THE RISK

Risk Advisory Academy Training Brochure

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Cyber Espionage A proactive approach to cyber security

Privacy and Data Protection Draft Personal Data Protection Bill 2018: A Summary. For Private Circulation Only August 2018.

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Regulating Cyber: the UK s plans for the NIS Directive

Data Sheet The PCI DSS

CFOs in a new global environment Sandy Cockrell, Deloitte

Adopting SSAE 18 for SOC 1 reports

Uptime and Proactive Support Services

Data Leak Protection legal framework and managing the challenges of a security breach

EY s Data Privacy Services. January 2019

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,

BHConsulting. Your trusted cybersecurity partner

Developing your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR)

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

CYBER RESILIENCE & INCIDENT RESPONSE

Building and Testing an Effective Incident Response Plan

Achieving third-party reporting proficiency with SOC 2+

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

EU General Data Protection Regulation (GDPR) Achieving compliance

Creating your own payment card Joost Kremers MSc CEH

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

GDPR: A QUICK OVERVIEW

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Clarity on Cyber Security. Media conference 29 May 2018

Data Protection and GDPR

CYBER INCIDENT RESPONSE. cfcunderwriting.com

Cyber Security Incident Response Fighting Fire with Fire

EY s data privacy service offering

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

The GDPR Are you ready?

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

INTELLIGENCE DRIVEN GRC FOR SECURITY

GDPR: An Opportunity to Transform Your Security Operations

How to be cyber secure A practical guide for Australia s mid-size business

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

The impact of digital transformation on industries

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

Cloud Computing Overview. The Business and Technology Impact. October 2013

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Cyber risk Getting the boardroom focus right

Preface. Operations within the EU. Serving the EU customers. Third parties operating in the EU

Microsoft 365 Business FAQs

Autobot - IoT enabled security. For Private circulation only October Risk Advisory

Spread your wings Professional qualifications and development at Deloitte. What impact will you make? careers.deloitte.com

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

M&A Cyber Security Due Diligence

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

BIG DATA INDUSTRY PAPER

Data Management and Security in the GDPR Era

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

NCC Group plc. NCC Group plc Interim Results

The Role of the Data Protection Officer

BUSINESS LECTURE TWO. Dr Henry Pearson. Cyber Security and Privacy - Threats and Opportunities.

falanx Cyber ISO 27001: How and why your organisation should get certified

Staffing Services UnderDefense your source of experienced professionals to solve security staffing challenges today

SECURITY SERVICES SECURITY

ISACA Cincinnati Chapter March Meeting

Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services.

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

PCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide

Protecting your data. EY s approach to data privacy and information security

NEWSFLASH GDPR N 8 - New Data Protection Obligations

TRULY INDEPENDENT CYBER SECURITY SPECIALISTS. Cyber Major

Gain Control Over Your Cloud Use with Cisco Cloud Consumption Professional Services

Cyber Risk Services Going beyond limits

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

Avanade s Approach to Client Data Protection

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

GDPR Privacy Webinar. Prioritizing Your Path towards GDPR Compliance Annika Sponselee and Nicole Vreeman 28 February 2018

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP

Build a viable plan for disaster recovery and crisis management.

PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Security Awareness Training Courses

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

Transcription:

Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach

Customer Breach Support Client challenges Protecting your customers, your brand and your reputation The value of a planned breach response With high profile reports of cyber incidents on the rise and against a backdrop of heightened regulatory scrutiny, few organisations would dispute the value of a preplanned, customer-centric response to the immediate aftermath of a data breach. A breach puts your customers at risk of identity theft and fraud. It damages the trust, confidence and loyalty they have in your organisation. It threatens your reputation, your customer base and ultimately your revenue. Even the most well governed organisations can be caught off-guard by increasingly sophisticated cyber attacks. Deloitte s Customer Breach Support service helps clients minimise the impact of a data breach by putting your customers at the heart of your response and hand holding them through the days and weeks following an incident. Our comprehensive offering includes customer breach notification plans and communications, and the scalable infrastructure and trained resource to engage, support and protect your customers - and thus your organisation - through the crisis. A planned response means... Complying with regulation Protecting your reputation The General Data Protection Regulation in Europe mandates that all organisations which process data and offer goods in Europe are in scope. Organisations must: Report a data breach to the appropriate regulator within 72 hours Have appropriate plans in place to address the breach Notify every affected customer without undue delay Customer trust and loyalty are fragile, and during a crisis depend on how swiftly and effectively an organisation responds to protect the needs of their customers. Failure to do the right thing - keeping them well informed, supported and provisioned with appropriate identity protection tools and advice, could irreparably damage that trust and loyalty. The regulator has the power to fine up to 4% of an organisation s annual global turnover for failure to protect its customers in the event of a data breach. 1

Customer Breach Support Client challenges Containing the impact of a data breach In the event of a breach An effective data breach response is by its very nature both complex and logistically challenging. When disaster strikes and a breach is uncovered there is little time and rarely the capacity within most organisations to deal with the immediate internal and external impacts whilst simultaneously continuing with business as usual operations. In our experience, there are five key challenges an organisation faces in the event of a data breach: Capacity Speed Communications Knowledge Coordination Surge capacity must be available at short notice to offer the end customers identity repair and protection, without disrupting an organisations day to day business Mobilisation of the appropriate outbound customer notification and inbound customer support processes according to the timelines expected by the Regulator and customers Appropriate communication channels, customer messaging, FAQs, call scripting to reach and support customers Relevant specialist resource to support customers with identity protection and repair, credit monitoring and fraud alerting Managing and coordinating the required infrastructure at pace, on top of business as usual DATA BREACH IMPACTS 110 MILLION CUSTOMERS WORLDWIDE Data compromised: 110 million customer names, addresses, e-mail addresses, telephone numbers, credit and debit card numbers Impact on company: Cost of $236 million including : Reputation: 10% drop in share prices Customer base: 46% drop in year on year sales for that quarter Loss of Chief Executive Officer An additional $100 million spent on security post-breach the [data] controller shall communicate the personal data breach to the data subject without undue delay The General Data Protection Regulation (GDPR) Article 34, Communication of a personal data breach to the data subject 2

Customer Breach Support Our Managed Service Customer Breach Support by Deloitte We offer clients ongoing peace of mind with our comprehensive end to end managed service From the moment Deloitte is alerted of breach we focus on providing our clients and their customers with a fast and effective service. We notify, support and protect the end consumer and their identities, minimising the potential operational, reputational and financial risks. The service There are two core components to our managed service: Our response is based on a specialist pre-breach programme. We will implement the appropriate strategy, processes, communication materials, resources and capacity, ensuring data is appropriately structured for an outreach. The service guarantees that critical elements of breach response planning are covered in advance of an incident. When a crisis hits, our clients have the right foundations in place to enable us to swiftly take the best possible care of their customers. 01 Pre Breach Reserved Response Support (RRS) Under the RRS contract, we provide: 1. A full readiness programme including: Bespoke customer notification and communications strategy Breach notification plan templates and agreed scripts Data analysis for customer outreach Walk through desktop exercise to validate assumptions Simulation exercise to validate plans and test scripts, processes and systems 2. Guaranteed resource and capacity: Customer response forecasting aligned to the customer size and profile Resources including call handling capacity to meet the specific customer scale requirements 24/7 client response Dedicated account manager Full Service Level Agreements 02 Post Breach Live Customer Breach Support Upon breach activation we provide a dedicated response management team who will coordinate the response to customers, enabling identity protection and remediation services to commence. This includes: A Deloitte Operations Hub to coordinate the response Implementation of the response strategy, tailored to the specific incident Customer outreach infrastructure and resource Trained call handling capability Specialist identity protection advisory team Credit monitoring services Fraud alerting / dark web monitoring Reporting, analytics and management information Deloitte has 20 years experience running managed services for our clients, successfully delivering large-scale processing, remediation, data management and customer outreach solutions. Our well-established model combines infrastructure, people, technology and processes into a comprehensive end-to-end managed service delivered by our experienced operations teams. We have collaborated with AllClear ID, the top US breach response provider* to leverage their experience and knowledge of successfully responding to over 5000 data breaches. This collaboration creates a unique capability to provide our clients and customers with the response and support required. *Forrester 2017 3

Customer Breach Support Our Managed Service 1.0 Pre breach: Reserved Response support Reserved, guaranteed capacity, pace and specialist support to prepare Subscribing to the reserved response service ensures organisations have the capability and capacity in place to respond effectively to their customers needs. A specialist Deloitte team carries out the preparatory phases and our experienced Operational Hub delivers the following infrastructure, capacity and breach response procedures: 1.1 Reserved response Contractual agreements are put in place to guarantee the timely outreach and customer contact capacity required for the customer base 1.2 Breach readiness Deloitte cyber specialists will deliver a short programme to ensure the organization has full breach notification plans in place and that customer data is ready for transfer to support customer outreach 1.3 Response validation exercise A desktop breach notification exercise to test and prove the end to end breach processes, from response activation and message development through to call centre support 1.4 Acceptance onto Breach Service Following completion of the Readiness programme with validated plans and data, our clients are then accepted into the Reserved Response Support Service. Once fully on board, we offer clients ongoing peace of mind with our comprehensive end to end managed service. We guarantee the appropriate infrastructure, capacity, skills and logistical reach to respond swiftly and effectively to customer breaches on any scale. Components of the breach response service Once accepted onto the reserved response support service, clients unlock retained and scaled access to the full suite of live customer breach response components: Dedicated operational hub and account manager Scalable customer notification capability Fraud alert and investigation Credit monitoring Fully scalable infrastructure Reserved call centre at high volume capacity Multilingual call centre support Identity protection, repair and support 4

Customer Breach Support Our Managed Service 2.0 Post breach: Live customer support Pre-planned and controlled support for your customers In the event of breach response activation, an Incident Management team will mobilise the Operational Hub and coordinate the elements of the service to swiftly support and protect the customer base. 2.4 Customer ID protection & repair Customers are supported by four levels of response covering basic questions, detailed needs, credit monitoring and identity support, protection and repair 2.3 Customer notification & communication At the agreed point the customer notification campaign is launched via mail out, website or substitute notice, all supported by scaled call centre capability 2.2 Response strategy Following identification of the scale and scope of the breach, the next step is to consolidate the data file for transfer to support any mail out, and finalise and sign the pre-agreed contractual statement of work containing services and fees 2.1 Breach Activation Upon identification of a data breach, Deloitte is notified and the response activated Components of the breach response service Our experienced operational hub manages the customer outreach, support, protection and identity repair within agreed timescales to enable customer confidence as well as regulatory compliance. Data breach Dedicated 24/7 client response Account manager Operational hub Experienced operational management Data and call handling specialists Technology driven management information (MI) and reports Professionally produced call scripts Incident management Resource and infrastructure capacity Experienced account management Contract management Coordination and capacity planning Mobilization to scale within guaranteed timeframes Multi lingual capability Guaranteed capacity for the customer base Customer outreach and notification Identity repair and protection Credit monitoring 5

Customer Breach Support Contact The four pillars of our managed service Cyber specialists Experts in cyber security and data protection: Deloitte s dedicated and industry-leading cyber practice operates across the globe. In the UK alone we have delivered security solutions to more than 60% of non-restricted FTSE 100 organisations. Crisis Management Deloitte s crisis management services are founded on trust. We build the relationships that make companies all over the world place trust in us to prevent the avoidable and prepare for the truly unavoidable. In the event of a crisis we are able to mobilise our unrivalled network of specialists from risk sensing, agile governance and critical communications to support our clients. Established and proven managed services Deloitte has 20 years experience of delivering successful, high-quality, largescale managed services across business sectors including Financial Services, Public Sector, Regulatory Bodies and Corporates. Our operations have supported firms in customer interaction across more than three million customer claims. Collaborating with industry leaders AllClear ID s award-winning team of experts has been perfecting breach response for more than a decade. AllClear ID has managed thousands of incidents, including three of the four largest data breach responses in history, now safeguarding half a billion customers every day. Get in touch Hugo Morris Partner, UK Tel: +44 (0) 20 7303 5985 hmorris@deloitte.co.uk Dominic Cockram Partner, UK Tel: +44 (0) 20 7303 2288 dcockram@deloitte.co.uk 6

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited ("DTTL"), its global network of member firms and their related entities. DTTL (also referred to as "Deloitte Global") and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500 companies. Learn how Deloitte s approximately 264,000 people make an impact that matters at www.deloitte.com. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms or their related entities (collectively, the Deloitte network ) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication 2018. For information, contact Deloitte Touche Tohmatsu Limited.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback