Television's true-crime drama “The First 48” always begins with the statement: "For homicide detectives, the clock starts ticking the moment they are called. Their chance of solving a murder is cut in half if they don't get a lead within the first 48 hours." The idea being the longer you wait to figure out who the adversary is and to assess the damage from a crime, the harder it is to solve and prevent further attacks. Like murders, with cyber-attacks there’s a critical window of opportunity to respond. Often this window is 72 hours or less before serious costs begin to accrue.

In healthcare, where patient data is paramount and strict compliance measures are in place, it’s critical to have a sound incident response plan in place. Those healthcare organizations without one fall short of responding to incidents quickly and effectively. In a recent HIIMSS survey of IT professionals in healthcare organizations, less than half of respondents reported that their organizations have tested data breach response plans; and more than half are still spending three percent or less of their overall IT budget on securing patient data. With advanced threats and increasing theft or loss of data, incident response plans allow organizations to limit the damage of a breach, by containing it quickly and reducing recovery time and costs.  

A recent white paper by TechTarget quoted the Ponemon Institute’s findings in its 2011 Cost of a Data Breach Study, "Outside consultants assisting with a breach response can save as much as $41 per compromised record.” This equates to $1.2 million in savings (based on an average 28,349 records per breach) for a typical security incident, according to the institute. Not only is prevention the best cure, so is planning ahead.