In the event of a cybersecurity breach, any company with a cyber insurance policy should contact its carrier as soon as possible. One of the first steps the cyber insurance carrier will take is to hire a forensics company to investigate the breach. Digital forensics is one of the more expensive aspects of most cyber claims, with costs typically ranging from $20,000 to $50,000.
Digital forensics companies fulfill several roles in responding to a breach. One often overlooked function of a digital forensics investigator is to preserve evidence of the violation. In effect, the investigation team treats the breached computer system as a crime scene, taking great care to make sure no evidence is destroyed or altered. This allows law enforcement to prosecute cybercriminals when found and helps keep evidence admissible in both criminal and civil court in the event of future disputes. Most in-house information technology professionals lack this specific expertise.
More generally, the digital forensics team will be responsible for answering several key questions for both the breached company and the insurance carrier. They will attempt to determine how the breach occurred and who is responsible for the hack. The investigators will also determine the size of the breach; in the case of a data breach, this means identifying how many and which records were exposed to hackers. This information will be necessary for a breached company to comply with public notification requirements related to the intrusion.
Additionally, the forensics company will attempt to root out any malicious code that may remain in the system after the breach as well as identify unauthorized user accounts with inappropriate privileges. They may also help to determine the extent to which an intrusion or breach is still ongoing. All of this information is necessary to start the process of improving the breached company’s security and help make sure a future breach does not occur as a knock-on effect of the current one. Forensics teams can make security recommendations and help improve network infrastructure.
Given these critical roles, companies need to ensure that their cyber insurance policies will provide for high-quality forensics in the event of a breach. It’s also essential for companies to make sure that the forensics team has ready access to the computer systems and personnel they need to do their job efficiently and promptly. Cyber claims continue to grow in size, particularly for small and medium-sized businesses, so these companies need to take what steps they can to minimize and mitigate these losses and keep claim expenses low.