Forbes: It’s Been Three Years Since Equifax Put Crisis Response Center-Stage, Yet Not Enough Has Changed

September 7, 2020 marks the three-year anniversary of the massive Equifax EFX -1.2% breach that caused the exposure of over 145 million Americans’ personal data. This very high-profile case is often used as something of an industry bogeyman when it comes to breach response. With so many column inches expended detailing the missteps the company took, there is no point raking over the detail again.  However, what does warrant further investigation, is why something that should have been a learning and subsequent call to action for company leaders has seen so little change in terms of crisis response. 

Research confirms there’s a lot of work to be done. An astounding 40% of security leaders are not confident in their team of responders due to a failure to adapt to today’s modern threat techniques and landscape. Organizations are often still caught flat-footed by destructive attacks, unprepared and unable to react to a whole range of cyber crisis scenarios. As an industry, we need to evolve our crisis responders in the same way we update technological countermeasures, little and often to ensure relevance. Less onerous, shorter, more inclusive training that is linked into the threat landscape is crucial.