As more and more companies are falling victim to cyber-attacks, the concept of an incident, or breach, response plan has become very pertinent to corporate leaders. When Epsilon Data Management was hacked into last March, CEO Bryan Kennedy decided to notify all of its important customers within 48 hours of the breach, even though he was not obligated to under law. Breach notification laws are only triggered when a particular piece of data has been compromised (i.e. usually social security numbers, names, address, etc.).
It was clear that the most pragmatic approach was to get out in front of this.” – Bryan Kennedy, CEO, Epsilon Data Management.
The success of Epsilon’s ability to respond to a cyber-attack is a testament to its corporate culture and tone at the top, in particular as it pertains to protecting mission-critical information and brand reputation. By contrast, Citigroup’s response to its latest cyber-attack can show an organization what will happen when there is no comprehensive or systematic program in place.