Study: Data breaches becoming ‘ubiquitous’ as 43% of companies report incidents
COSTA MESA, Calif. — Nearly half of companies have suffered from at least one security incident, according to a new study, prompting many to implement data breach response plans and ramp up investments in security technologies. Is it enough?
As data breaches make headlines worldwide, Experian Data Breach Resolution released on Wednesday a new study with the Ponemon Institute on data breach preparedness. The second annual study — “Is Your Company Ready for a Big Data Breach?” — found that executives are concerned about the effectiveness of their data breach response, despite taking the basic steps to be prepared.
"While more organizations have data breach preparedness on their radar and have developed a response plan, a majority of companies are not putting the support and resources behind having it truly be effective," said Michael Bruemmer, VP, Experian Data Breach Resolution. "A checklist response plan alone doesn't mean you're prepared. There should be an incident response team in place that practices the plan and ongoing investment from the C-suite to ensure technologies are up-to-date, external breach experts are secured and selection of an identity protection product for affected customers is determined prior to an incident to ensure a quick and smooth response."
Key findings from the study include:
Companies understand the importance of data breach preparedness
- Data breaches are becoming ubiquitous with almost half (43%) of organizations surveyed having suffered at least one security incident, up 10% from 2013;
- As a result, more companies have a data breach response plan in place (73%), up 12% from 2013; and
- Forty-eight percent of organizations increased investments in security technologies in the past 12 months.
Confidence amongst senior executives to manage a data breach remains low
Despite increased security investment and having incident response plans in place, when asked in detail about the preparedness of their organization, survey respondents were not confident in how they would handle a major issue.
- Sixty-eight percent of respondents felt unprepared to respond to a data breach;
- Most haven't or don't regularly update their plan (78%) to account for changes in threats or as processes at a company change;
- Thirty percent of respondents felt their data breach response plan was ineffective; and
- Concerns are not just operational. Many companies were more concerned about threats being harder to manage for IT security teams.
Executives recognize what needs to happen to improve their incident response
- The vast majority of executives (70%) surveyed want more oversight and participation from board members, chairman and CEO for data breach preparedness;
- Seventy-seven percent suggested more fire drills to practice data breach response would help them be more prepared;
- Respondents ranked identity theft protection products and access to a call center as the two most important services a company should provide customers following a breach; and
- Sixty-nine percent indicated additional funding as a major need to improve response activity.
"Compared to last year's study results, survey findings show encouraging signs that organizations are beginning to better prioritize data breach prevention, but more needs to be done," said Larry Ponemon, chairman and founder of the Ponemon Institute. "Companies should be careful of not becoming complacent because they have a response plan in place or just completed a security audit. Preparedness requires ongoing maintenance and diligence."