
Cyber Incident & Breach Response

2017 Cyber Incident & Breach Readiness Guide (PDF) - For nearly a decade OTA has published a Breach Readiness Guide to help organizations enhance data protection and prepare for a breach incident. Reflecting the evolution of cybercrime beyond the traditional breach, the 2017 Guide has been broadened to include the wider impact of cyber incidents.

Summary 2017 Incident Overview & Resources (PDF)

Briefing Deck (PDF - Feb 7)

Recorded Webinar (Feb 7)

Congressional Briefing Presentation (Jan 31 - PDF)

Data Protection & Privacy Day Press Release

OTA’s analysis and tracking of threat intelligence data has revealed that the true number of incidents is over twenty times that of consumer data breaches publicly reported. Based on preliminary year-end data, over 82,000 incidents were documented, impacting more than 225 organizations daily. As the majority of incidents are never reported, the actual number of incidents causing harm, combining all vectors including DDoS attacks, could exceed 250,000. As defined by OTA, incidents include unauthorized: 1) access to a system or device and its data, 2) extraction, deletion or damage to any form of data, 3) disruption of availability and/or integrity of any business operation, and/or 4) activities causing financial or reputational harm.


2016 Data Protection & Breach Readiness Guide 
Updated to include year-end data, additional international regulatory information and expanded discussion on cyber insurance.

Recorded Webinar / Briefing (2016)

Overview Briefing Deck (PDF, 2016)

IoT Security & Privacy Best Practices 


The OTA Data Protection & Breach Readiness Guide has been developed to help organizations of all sizes in both the public and private sector. Content has been included to aid a broad range of stakeholders, from business and technical decision makers and privacy and security professionals to web and app developers. The goal is to help readers better understand the issues and solutions which can enhance their data protection practices and enable them to develop readiness plans in the event they incur a data loss incident. See Security Best Practices

Even the most cyber-savvy organizations have found themselves exposed and ill prepared to manage the effects of a data breach. The best defense is implementing a broad set of operational and technical best practices that help protect your company and your customers’ personal data. The second step is to be prepared with a data lifecycle plan that allows a company to respond with immediacy. Ultimately, industry needs to understand that effectively handling a breach is a shared responsibility of every functional group within the organization. A key to success is moving from a compliance perspective to one of stewardship. This perspective recognizes the long-term impact to a brand, the importance of consumer trust, and the implications and considerations with vendors and business partners.


 

Site Vulnerability & Bug Reports

OTA is committed to the adoption of security and privacy best practices. Recognizing the evolving threat landscape, we welcome responsible and coordinated disclosures to help improve the security of our site. Please allow 72 hours for an initial reply and for us to initiate investigations and risk assessments. Note: unless requested otherwise by the submitter, after investigation and resolution we will provide affirmation of confirmed and resolved reports.

Information Required

Response to Data Security & Breach Notification Act of 2015

OTA believes a single Federal law preempting the patchwork of 47 State laws will benefit consumers and business alike, by providing clarity and a single standard definition of privacy, notification requirements and reasonable security requirements. However, any federal data breach notification law must be sufficiently robust, while not unduly burdening businesses committed to protecting consumers and their data. Consumers today are becoming jaded and risk being overwhelmed by the sheer volume of data breach notices.

Data Breach Legislation Letter To Congress

The Online Trust Alliance (OTA), a 501c3 non-profit with the mission to enhance online trust and promote innovation, submits the following in response to the recently announced Personal Data Notification & Protection Act and several related draft legislative proposals. OTA represents over 100 organizations committed to the development and advancement of best practices, meaningful self-regulation, data stewardship and balanced legislation. Last month, OTA released its 2015 Data Protection & Breach Readiness Guide developed through feedback from over 100 security and privacy professionals, and held four town halls around the United States where over 500 attendees provided input concerning the various data breach notification proposals. America’s leadership is being threatened and data breaches are a challenge to national security, the economic prosperity of our nation, and most importantly, to the privacy and financial protection of our citizens. Below is a summary of six key points and provisions which we believe are important considerations for an effective and balanced federal data breach notification law.

Jan 25, 2017
Dark Reading

Over the past year, 4,149 data breaches compromised more than 4.2 billion records, shattering the previous all-time high of about 1 billion exposed records in 2013. This finding comes from the 2016 Data Breach QuickView report, released January 25 by Risk Based Security (RBS). Researchers discovered the number of data breaches was fairly consistent between 2015 and 2016, but their severity skyrocketed. 

Jan 25, 2017
Canadian IT News 

Possibly as many as 82,000 cyber incidents a day negatively impacted organizations around the world in 2016, says an industry group that looked at threat intelligence from a number of sources. The Online Trust Alliance, which released the estimate Wednesday as part of its annual Breach Readiness Guide, says that because most incidents aren’t reported to regulators or law enforcement agencies the number could be as much as 250,000.

Consumer Data Breaches Level Off While Other Incidents Skyrocket

Wed, Jan 25, 2017

OTA documents 82,000 “cyber incidents” in 2016 negatively impacting organizations;
admits there could have been more than 250,000 when accounting for unreported incidents

Oct 26, 2016
Bloomberg BNA

Step away for a 90 second recess as Bloomberg BNA’s Jimmy H. Koo peppers Online Trust Alliance Executive Director and President Craig Spiezle with questions about privacy and security.

2016 Data Breach Guide - Significant Increase in Ransomware Extorting Businesses

Tue, Jan 26, 2016

The Online Trust Alliance (OTA) today released its 2016 Data Protection and Breach Readiness Guide. The Guide, released in recognition of Data Privacy & Protection Day, provides prescriptive advice to help businesses optimize online privacy and security practices, and detect, contain and remediate the risk and impact of data loss incidents. OTA found that cybercriminals are increasingly targeting businesses with ransomware.
