Skip to content

How AI Is Transforming Data Breach Response & Risk Mitigation Efforts

Canopy Team February 24, 2022
How AI Is Transforming Data Breach Response with Canopy & She Said Privacy He Said Security Podcast


🌳🌳🌳Canopy recently joined Jodi and Justin Daniels on their podcast, She Said Privacy, He Said Security, to discuss using AI for Data Breach Response.

Here’s a recap of what Adi Elliott, Canopy CRO, discussed with Jodi and Justin:


How did Data Breach Response begin, and how is AI impacting it now?

Data Breach Response isn’t a sector that developed slowly over time. The need for it arose suddenly a few years ago, when jurisdictions across the world began passing sensible regulations to protect data. These regulations don’t wait for purpose-built software, so organizations had to use the software that they already had.

Now technology is catching up to regulations, and AI is transforming the Data Breach Response process in 3 core ways:

1. Data Mining
Data Breach Response teams look for the same thing every time: personally identifiable information (PII). They previously used search terms and regular expressions (regex), neither of which are good at identifying PII. These methods typically flag around 70% of a data set for human review, although only 10-20% of most data sets actually contain PII. Because search terms and regex are so unreliable, many law firms recommend reviewing the entire data set.

But with Canopy’s AI and machine learning models built specifically to address every element of PII, Data Breach Response teams can get to the actual PII faster and more accurately.

2. PII Review
By sending 60-90% fewer documents off for human review through better data mining techniques, AI significantly speeds up this process. Additionally, linking people to their PII is a perfect problem for AI to solve with more efficient workflows.

3. Entity Consolidation

The end goal of any Data Breach Response project is a deduplicated list of people and their breached PII. AI can work through name variations, misspellings, address changes, and other duplicative information much faster than humans.


How does Canopy fit into the overall incident response (IR) process?

Canopy’s Data Breach Response is the only software in the world that is end-to-end focused on data breach response. The incident response process happens first, during which an IR team will confirm that an incident has occurred, contain and eradicate the threat, and provide the compromised data. What’s left is to analyze the data for PII and people, legally determine whether the event constitutes a breach, and then notify (if applicable). 

"Canopy is the only software in the world that is end-to-end focused on data breach response."

Enter Canopy. The IR team uploads the compromised data set to Canopy, which processes it and runs PII detection via machine learning models. Clients then data mine, complete their PII review, and consolidate entities; then, export a list for notification.


What makes Data Breach Response so expensive, and how can companies manage the cost of responding to a cyber event?

There are two primary contributors to costly Data Breach Response:

  1. Paying the ransom, and
  2. Humans reviewing data.

The second is where costs can be managed, with the right technology. Let’s assume that review costs $1 per document. If you’re dealing with a 50 GB PST, that easily contains several hundred thousand documents. The difference between reviewing 15% of that versus 70-100% is enormous.

Cyber insurers largely bear the cost burden. Between these two variables, organizations are easily maxing out their policies, so insurers are beginning to require panel providers to use purpose-built technology. There has been some resistance from review companies that have built their business on older, more lucrative methods, but the tide is turning.


What advice do you give companies looking to mitigate their risk of a potential breach?

We see many companies try to remediate every element of PII in your enterprise, but that just isn’t practical. Instead, we recommend focusing on changing human behavior. When investigating compromises, IR teams often find that the cause was an employee out of compliance with policies — despite that employee having completed cybersecurity training and the company having taken all the right steps.

Canopy’s Data Breach Response software is so amazing at PII identification that CPOs and privacy leaders began asking, “What if we use this before a breach?” You could analyze sample sets of data from across your organization to understand how employees actually handle PII. If they are engaging in risky data practices, learn why. Then take this knowledge and create customized cyber policies that enable similar groups of people to do their jobs easily while keeping PII safe.

“It’s about changing human behavior, policies, and training, not so much about crawling your whole enterprise to look at every bit and byte.”

We talked to the team at Gartner and recognized a technology gap — nothing existed to quickly, easily, and accurately scan data sets for PII. So we took Canopy’s core data mining technology and created Privacy Audit, a new software that makes our unrivaled PII detection algorithms available at the enterprise level.


Want to hear more? You can listen to the full episode on Red Clover Advisors’ website, or tune in wherever you listen to podcasts. This episode originally aired on January 6, 2022.