When a data breach occurs, Counsel is the first call for any executive. Together with your cyber insurance carrier, they are responsible for recommending a data mining vendor. The data mining vendor is responsible to accurately determine the extent of the breach by identifying whose sensitive data and what sensitive data has been compromised by the threat actor. The resulting deliverable from the vendor guides Counsel as to how they advise on next steps, compliance, and notification.
There are several factors Counsel should consider when recommending an incident response vendor. Today, there are certain best practices that ensure you can find the speediest and most accurate partner without running up an unnecessarily large bill:
Choose vendors who utilize advanced technology for data extraction
Prioritize security
Prioritize onshore review options
Prioritize transparent pricing or consider fixed-fee pricing models
Historically, it has been uncommon for Counsel to consider details such as how a data mining vendor conducts their workflows to arrive at a notification list. Going forward, though, it behooves them to ignore this important factor when recommending an incident response partner to their client.
Data Mining Technology Innovation
Why should technology and automation practices of the vendor be important to Counsel? By seeking out partners who have automated their data mining (see how Actfore does it here), Counsel is able to receive a much more accurate scope of the project and the timeline and ultimately a faster, more accurate picture of the extent of the breach. Automation introduces enhancement to speed and accuracy in identifying the parameters of the project that a manual review partner can never offer. One of the most common pain points in data mining is cost overruns and data expansion. Read about them and how to resolve the challenge in this blog.
The greatest nightmare of any Counsel dealing with a data breach is to end up experiencing a second cyber incident while trying to recover from the first. Specifically, if your data mining vendor is subject to a cyber incident, your (clients’) once compromised data, may now be twice compromised. It is critical to choose a vendor who employs stringing security protocols. Ideally, your incident response partner of choice conducts all work within secure, on-premises forensics labs in the USA. By choosing an onshore partner, you can better guarantee that the data is safe.
Onshore vs Offshore Review Reliance
A large majority of data mining vendors rely heavily on offshore review centers (and thus benefit from cheaper labor prices). Cheaper doesn’t mean better, however. When choosing a data mining partner, prioritize onshore partners. Offshore partners lack the operational efficiency needed to guarantee an efficient timeframe and budget. Additionally, reports from vendors who utilize manual review centers are often unpresentable or even unusable. Counsel has become too familiar with the need to review, correct, and even redo deliverables from manual review vendors before they can present it for the next step of an incident response.
Transparent Pricing & Cost Overruns
When it comes to budgeting, Counsel is often offered a phased pricing approach. Phased pricing is convenient (for the vendor) for many reasons including its flexibility to adjust mid-engagement. This is because many data mining vendors do not invest in advanced technology or are not willing to commit to initial scoping estimates. (For more on the complexities of data stores and surprises in data mining, read this blog.)
In today’s digital data landscape, it is common to have data overruns and file expansions to many more terabytes of data if original data inventory (or forensics) work was not as precise and up to date as it should have been. (See this case study where initial estimates of data volumes were terabytes short.) When zip files balloon, and other data surprises occur, phased pricing is a convenient way for a vendor to increase cost. Add to that, if the vendor relies on manual review to identify the extent of a data breach, the added labor needs also pile on to the cost and time escalations.
Phased pricing models that continue to spread in scope as the true depth of the breach is uncovered are inconvenient, burdensome, and even a legal liability for both Counsel and the end client when compliance deadlines loom. Consider, instead, a fixed-price model and/or vendors that rely on automation, technology innovation and data science.
Moving forward, the savviest Counsels will advise investing in tech-forward solutions that can offer guaranteed results rather than reaching out to partners who rely on manual review and/or offshore their labor. As AI and automation is introduced into data mining, the cost gap between onshore and offshore data mining begins to close. Counsel who value transparency and security choose partners who  can accurately identify the scope of a project and can guarantee notification list delivery.
Offshoring Data Mining as a Common Practice
Many Counsel and Carriers overlook how data is handled by the vendors they select. International data transfers to offshore centers are very common in business practices in the US--especially in the data review and data mining space. However, it's risky business to put once compromised data at risk of a second compromise.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
