Your Network Has Been Hacked. You Have 72 Hours to Report It.
Your Network Has Been Hacked. You Have 72 Hours to Report It.
Companies are scrambling to meet new regulations that require them to figure out what’s going on—quickly
https://www.wsj.com/articles/your-network-has-been-hacked-you-have-72-hours-to-report-it-1537322400
Earlier this year, the European Union has implemented stringent regulations penalizing Multinational corporations for failing to report and detect data breaches. Called the General Data Protection Regulation, it requires firms collecting data about citizens living in the EU to report data breaches to regulators within 72 hours of discovery. With a penalty of up to 4% in fines, companies are moving quickly to develop more expedient systems to detect data breaches.
Many companies have taken preemptive steps to face this challenge. Companies like Aetna, Cisco Systems Inc, and Operations Clearing Co. rehearse their breach reports to act out who needs to be involved and immediately inform their regulators upon learning of a possible breach. They speed up the communication process by pre-writing news releases and scripts.
Certain companies like Operations Clearing Corp uses software via elaborate networks of sub teams to detect data breaches of its customers. If they detect a breach outside of the company, its customer-service group and crisis-communication team use the pre-written scripts to warn the external firm.
Though not explicitly mentioned in the article, if companies were to work together in detecting and preventing data breaches then they can both maximize their chance of no breach and reduce the time dealing with it and instead use that time productively like growing the company. Companies that stand alone could be loosing in this battle if they choose not to cooperate with the numerous MNC’s that could offer valuable detection services. As discussed in class, this network is an example of having Nash Equilibrium in that no company would benefit from protecting itself without inevitably protecting other companies. It will be interesting to see the ways MNC’s continue to develop the ways of reporting data breaches.