Baker Tilly Poll Finds Higher Education Institutions Have Not Yet Tested Their Cybersecurity Breach Response Plans

CHICAGO, Thursday, December 17, 2014 – In response to the growing number of college and university data breaches, Baker Tilly Virchow Krause, LLP (Baker Tilly) has teamed with the Association of College and University Auditors (ACUA) to provide cybersecurity preparedness and breach response plan resources. During a recent educational webinar, Auditing your institution's cybersecurity incident/breach response plan, nearly 80 percent of respondents indicated that their institutions have not yet tested their cybersecurity incident/breach response plans as a preemptive measure to ensure it will work during an incident.

“2014 was the year of the breach. Almost every day we saw a new organization report that a cybersecurity incident led to the breach of data. This drives the point that organizations need to establish a breach response plan proactively, before any incident occurs,” said Mike Cullen, senior manager of technology risk services at Baker Tilly. “Cybersecurity preparedness starts with prevention, but even top security measures can’t guarantee data safety. It’s increasingly important to have a formalized, tested, and refined cybersecurity incident and breach response plan, especially due to the complexity of federal and state laws that require specific breach response steps and notifications.”

Internal auditors can play a valuable role by helping both management and the board see the value in cybersecurity incident/breach response plans. This includes auditing the plan to ensure that it covers the applicable laws and requirements, or reviewing the plan then interviewing plan participants to validate clarity of roles and responsibilities.

“The top three things to do: 1) make sure there is a formalized cybersecurity incident/breach response plan, 2) make sure the response team is made up of folks from across the organization, and 3) test the plan preemptively to make sure it works,” explains Baker Tilly co-presenter and technology risk services director Jan Hertzberg.

A recording of the webinar is available on-demand and the presentation slides are available for download.

About Baker Tilly Virchow Krause, LLP (bakertilly.com)

Baker Tilly Virchow Krause, LLP (Baker Tilly) is a nationally recognized, full-service accounting and advisory firm whose specialized professionals connect with clients and their businesses through refreshing candor and clear industry insight. With approximately 2,700 employees across the United States, Baker Tilly is ranked as one of the 15 largest accounting and advisory firms in the country. Headquartered in Chicago, Baker Tilly is an independent member of Baker Tilly International, a worldwide network of independent accounting and business advisory firms in 147 countries, with 30,000 professionals. The combined worldwide revenue of independent member firms is $3.2 billion.