
Suite success: Three steps executive teams should take to prevent and survive a data breach

By Vishal Sunak
November 16, 2020

Many organizations consider themselves prepared for a data breach when and if their Chief Information Security Officer (CISO) feels they’re ready to handle a cyberattack. These organizations are wrong.

Sure, a CISO doesn’t make decisions in a vacuum; other C-level executives, like the Chief Technology Officer and Chief Information Officer, are instrumental. But preparing your company for a breach - both by preventing data loss and being ready to respond to an actual event - requires the efforts of the entire executive team.

The reason? Breaches don't just put data at risk; they have contractual implications that can directly affect the bottom line. That means the Chief Legal Officer (CLO), Chief Financial Officer (CFO) and virtually every other member of the executive team have a role to play in decreasing the likelihood of a breach and mitigating its impact.

The following outlines three steps the C-suite and other executive team members should take to prevent and survive a data breach. But first, it’s imperative that all involved heed this initial piece of advice when planning cybersecurity: treat breaches not as a possibility, but as something that is going to happen.

 

Listen and lead

Where most data breach planning fails is in execution. Often, the advice of experts - including a company's own CISO - isn't supported by the larger executive team. In fact, sometimes the C-suite can actually undermine strategy.

For example, the best way to avoid a breach is to employ the principle of least privilege - that means limiting access to sensitive data only to those who need it to do their jobs. It’s common sense; the fewer people with that kind of access, the less likely it is that someone would accidentally or maliciously breach your data's security.

While, in theory, a CEO or company President should have access to "everything," few really need unfettered access to secure servers or databases. Only technical and security personnel who actually work with sensitive data do. So, an executive team can help enforce the principle of least privilege by leading through example and forgoing such unnecessary access.

Similarly, social engineering attacks focus on compromising individuals rather than software; people are easier to fool and mistakes happen. The executive suite can tamp down on social engineering vulnerabilities by budgeting for, and truly getting behind, security training for all employees. And again, every member of the team should lead by example and take the courses, too.

 

Ready and able

A smart C-suite has plans in place to respond to a data breach before it happens. If you’re scrambling during a crisis to determine next steps and policies, the delays can cost you in a number of ways, whether it’s by allowing bad actors more time to inflict damage or delaying reparative action on your end.

Financial and legal teams should be similarly prepared. Customer and partner agreements likely include clauses that stipulate if and how soon they need to be notified in the event of a breach. Those deadlines, ordered by notification period, penalties for non-compliance, and/or termination rights, should be ready for use so tech staff can prioritize which accounts to handle first. Further, customer service teams should have a communications plan in place and prioritize outreach.

Equally important, your finance team should have a clear model of compensation owed to customers and partners in the event of a breach. By doing so, the full fiscal impact can be quickly gauged and any payouts or service credits can be issued in a timely, contractually mandated fashion.

All this work should be done before a data breach happens, so customers will be more likely to stick around after.

 

Constructing contracts

You can mitigate risk by writing contracts with future data breaches in mind. Technology and legal teams should work together to update agreements and ensure each of the following clauses is addressed:

  • Governing law: Standards like the EU's General Data Protection Regulation (GDPR) may set privacy expectations of customers and partners, but you should still stipulate the governing law and the jurisdiction that would rule on contractual obligations.
  • Data access: The "data conduct" of partners and service providers can impact liability, too. Spell out who has access to what and materials that must be returned, purged or maintained if the relationship ends. This prevents data from "lying around" and presenting a risk after it is no longer of use.
  • Reasonable notification: While every stakeholder wants immediate notification following a breach, every CISO knows it takes time to assess the scope. Explicitly spell out the process in the form of an Incident Response Plan so that there’s a playbook to reference during the event to limit chaos and support clear thinking. Review the Incident Response Plan with the employees who would be responsible. Firefighters practice the procedure of preparing and then leaving the station before a fire happens, and this follows the same reasoning.
  • Reasonable compensation: Many customers and partners will insist on some form of compensation in the event of a data breach. Setting maximums in advance can limit the financial damage and eliminate having to negotiate after the fact.
  • Limit legal grounds: Breaches are common, so they are not always reasonable grounds for compensation or termination of an agreement. Establish a minimum scope for liability. A hacker breaching a firewall and crashing a marketing website should not result in payouts to all customers.

 

Suite success

While security software can prevent and track the scope of a data breach, contract automation can assess and minimize the exposure that agreements pose. Priority lists for IT, customer service and finance teams are also easier to create and update if you have a contract analysis approach that can identify relevant agreements and applicable clauses in real time. Contracts that minimize liability are also easier to create, update and execute via tools that show deficiencies and vulnerabilities and track which agreements should be revisited.

Further, the latest technologies include artificial intelligence, which enables entire contract repositories to be parsed, analyzed and categorized at the speed and scale of software. This helps size up risks and prioritize response, while offering tools to update a contract portfolio so future financial impact is minimized.

If you're going to invest executive time to plan your incident response to a data breach, consider the combined power of legal resources teaming up with infosec executives to handle the contractual elements of data loss and data exposure. It does take the full executive suite to ensure success – but the right approach can help bring every strategy together for better results.

KEYWORDS: cyber security information security risk management


Vishal Sunak is CEO and founder of LinkSquares, where he is responsible for developing strategies aimed at assisting both corporate legal and finance teams with the review of their contracts. He works to prevent his customers from having to read each contract one by one. He founded LinkSquares with the goal of building great products to improve how businesses operate. Prior to founding LinkSquares, he held positions in operations and product management at Backupify and InsightSquared.
