Data Breaches, Cyber Incidents and Response & Reporting

A few months ago, the Indian Computer Emergency Response Team (CERT-In) caused quite a stir in the data protection & cybersecurity industry when they issued a Direction under Section 70B(6) of the Information Technology Act, 2000 (“IT Act”) which imposes a strict timeline for organisations to report incidents within?6 HOURS?after the incident is discovered.

However, they are not the only country increasing reporting requirements.

President Joe Biden of the USA recently signed off on the Strengthening American Cybersecurity Act of 2022, which included the stipulation that any critical infrastructure entity that submits a ransom payment to a threat actor must also report that they did so to the Cybersecurity and Infrastructure Security Agency (CISA) within 24 hours of delivering the payment.

As more countries adopt and enforce their data protection legislation, and regulators crack down on organisations sweeping their breaches and incidents under the carpet, the public will have much more insight into the security & resilience of organisations which use their data and provide critical services and products.

Suppose your organisation hasn't reviewed your Incident Response & Reporting plans yet this year. In that case, it's time to dust them off and make sure they are in compliance with any applicable legislation, both local and global.

The TLC Group provides training & consultancy support to help make this process easier.

Get in touch by emailing?[email protected]?for more details.