Experian: More than a third of companies are still unprepared to respond to a data breach

Experian released its annual corporate preparedness study, Is Your Company Ready for a Big Data Breach?, revealing that progress has been made, but companies need to do better.

According to a press released in Cision PR Newswire, the study conducted by the Ponemon Institute reveals that only 36 percent of businesses are prepared to respond to a data breach and confidence levels to control growing threats is low.

The study identified these critical areas for improvement:

• C-Suite Engagement: 49 percent of survey respondents say their executives are unknowledgeable about plans to deal with a data breach. A majority (81 percent) feel that increased participation and oversight from senior executives would make their response plan more effective.
• Security Processes: The most significant barrier to improving security is lack of visibility into end-user access to sensitive information (63 percent) while 60 percent say it’s the proliferation of cloud services. Hindering improvement is the investment in security technologies with a third not planning any investments in the next year.
• Employee Training: More than a quarter of organizations (27 percent) don’t have a privacy/data protection awareness and training program for employees with access to sensitive or confidential information. Less than half of companies (47 percent) tackle spear phishing attacks.
• Response Plan: 42 percent of professionals surveyed say their company doesn’t have a set period for reviewing and updating their data breach response plan, and 23 percent haven’t updated their plan since it was put into place. Less than half (46 percent) have procedures for responding to a data breach involving overseas locations.

“We’d like to see 100 percent of companies prepared and trained to handle any kind of data breach whether it’s malware infiltration or ransomware. Prevention is the key, but if an incident occurs, swift management afterward will greatly minimize the damage,” said Michael Bruemmer, vice president of Data Breach Resolution at Experian. “Organizations should implement a strong security posture staying up to date with the latest attack threats, engage in pre-breach agreements with security partners and hold a practice drill every year with a dedicated response team.”

The study found that 35 percent had two to three data breaches in the past two years, and approximately 1 out of 10 companies (11 percent) experienced more than five data breach incidents in this timeframe. Among the respondents who had a data breach, 43 percent were global in nature. The report further recognized that businesses are struggling to comply with the General Data Protection Regulation (GDPR) — only 36 percent are following the rule.

After a data breach occurs, companies feel even less confident about managing the aftermath:

• Less than a quarter (21 percent) feel confident in their ability to minimize the financial and reputational consequences.
• Only 4 in 10 say they’re effective at doing what needs to be done to prevent the loss of customers and keep business partners’ trust and confidence after a breach.
• Fifty-three percent don’t have a cyber insurance policy that can help recoup expenses and cover damages.

Read the full report here.

Comments are closed.