It's my fault.
That's what I think if there is a security incident with my employer that involves the database. It's almost my first thought when I hear about issues at other organizations, thinking a technical person is at fault. Since I've been a developer and administrator, and I know how complex systems are, I usually stop myself and try to learn more before I assign blame.
The public and your customers also think that it's just your fault. At least, that's what I see and hear from friends. Non-technical people are very quick to assign blame and get upset. They can't understand why some companies get breached and others don't. To them, it's because the staff or management are lazy and haven't done a good job keeping their systems secure.
However, even my technical friends get upset. I've had more than a few of them chastise an organization for getting breached when they themselves haven't always kept up to date on patches. I mean, how many of you are sure every SQL Server you have is at the latest CU level? How quickly do you patch? Are you sure your firewall people haven't accidentally misconfigured a rule for port 1433?
Anyone can get breached, as noted in this article. However, a good response can set you apart, and I wish that more management and technical people would be prepared now for a data loss incident, a ransomware attack, or really any security issue that might occur in the future.
It's easy to panic and make rash decisions. The best time to draft your response is now, when you have a clear head and no pressure. Have a few people start to game out how to react, what words and message to send, and who will take responsibility for communicating with customers. It's worth a little exercise to discuss some possible responses to events and at least have the outline of a plan.
And no matter what, be sure you have a copy of the plan air-gapped from your network. On a few flash drives, saved to a separate OneDrive/Google Drive/Dropbox account, or even printed out. The last think you need is for all of your work to be inaccessible because of something like ransomware encryption.
