While majority of orgs fear big breach, they’re not prepared to respond

This is no shock to anyone who has been paying attention to data security: Nearly every organization, no matter its size or location or industry are at significant risk of a data breach. How significant? Well, if a survey just published by ID Experts, Mitigating the Inevitable: How Organizations Manage Data Breach Exposures is any indication, most organizations have experienced a data breach whether or not they know it.

According to this report, the majority of data breaches are so small that they go undetected for long stretches of time. And, unfortunately, when they are detected, the majority of organizations don’t have the breach and incident response capabilities on hand to mitigate the damage.

According to the survey, 80% of organizations are concerned with big breach consequences – think things like response costs, customer loss, a hit to their brand reputation, regulatory fines and so on. Earlier this month, I posted about a survey conducted last year that found 59% of enterprises were covered by some form of cybersecurity insurance; this survey found 64%.

“The report indicates that there is a lot of concern about data breach impact and uncertainty about data breach response best practices. Most organizations are not prepared to manage the high-risk, high-threat landscape in which we do business,” said Jeremy Henley, director of breach services at ID Experts, said in a statement.  “60% of respondents rely solely on the IT department to manage data breach response. However, best practice is a cross-functional team with a combination of specialties to handle a data breach to fully protect the organization and meet privacy and regulatory compliance,” he continued

Key Findings of the Report

  • 80% of all surveyed organizations are concerned about the consequences of a large public data breach. 17% of respondents have experienced a data breach that they are aware of over the previous 12 months. The vast majority of the data breaches experienced are small, consisting of a loss of fewer than 500 records. The median data breach is 100 records.
  • Only 45% of respondents believe their company has adequate resources to detect all breaches.
  • 75% of respondents have developed an incident response plan but only 42% have tested the plan.
  • 60% of respondents said that the information technology (IT) department is responsible for managing the data breach response.
  • 64% purchase cyber insurance. The vast majority of breaches fall below the cyber insurance policy deductible. Most organizations use internal resources to manage small breaches. 51% have selected data breach response vendors. 75% prefer to receive all cybersecurity risk services from a single vendor.

RELATED LINKS

Has the time for cybersecurity insurance come?

What is the key to lowering the high cost of a data breach?

Enterprises continue to struggle with breach response, cloud security

Trackbacks

  1. […] a recent survey found that nearly every organization is at risk of a data breach, but most lack the response capabilities to mitigate the damage should one […]

    Like

  2. […] While majority of orgs fear big breach, they’re not prepared to respond […]

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: