The BCI

Organizations lacking confidence when it comes to data breach preparedness

News   •   Oct 07, 2016 15:34 BST

Despite most organizations having a data breach preparedness plan in place, only a quarter of organizations are confident in their ability to minimize the financial and reputational consequences of such a breach. These findings come from a study carried out by the Ponemon Institute on behalf of Experian.

The fourth annual data breach preparedness study shows that data breach preparedness certainly is on companies' radar, and having a response plan in place is par for the course. The number of organizations with a plan increased from 61% in 2013 to 86% in 2016. However, despite this strong majority of companies that now have a response plan in place, 38% of organizations surveyed have no set time period for reviewing and updating it, and 29% have not reviewed or updated their plan since it was put in place.

The lack of planning is especially troublesome when considering the rise of new threats in the marketplace, such as ransomware. In fact, the study showed that 56% of surveyed organizations are not confident that they could deal with a ransomware incident. Additionally, only 9% of survey respondents have determined under what circumstances they would pay to resolve a ransomware incident.

The Cyber Resilience Report, published by the Business Continuity Institute, revealed that two-thirds of organizations experienced a cyber security incident during the previous year and 15% experienced at least 10. This shows that the cyber threat is very real and organizations must take it seriously. This means making sure processes are in place to ensure that data can be recovered quickly and that those processes are tested to make sure that they work.

"When it comes to managing a data breach, having a response plan is simply not the same as being prepared," said Michael Bruemmer, vice president at Experian Data Breach Resolution. "Unfortunately, many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills. Investing in breach preparedness is like planning for a natural disaster. You hope it will never happen, but just in case, you invest time and resources in a response plan so your company can survive the storm."