BreachExchange mailing list archives

Data Breach Preparedness Continues to Lag


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 4 Feb 2015 19:50:52 -0700

http://www.jdsupra.com/legalnews/data-breach-preparedness-continues-to-la-59458/

A recent study by an independent research institute suggests that the
increase in companies’ efforts to prepare for data breaches may not be
keeping up with the increased risk. A September 2014 report by Ponemon
Institute LLC concludes that many companies remain “deficient in governance
and security practices that could strengthen their data breach
preparedness.”

Key points from the Ponemon report…

In its second annual study on data breach preparedness, Ponemon (a
self-described “research think tank dedicated to advancing privacy and data
protection practices”) made the following observations:

- The percentage of survey-respondent companies with data breach plans in
place has increased to 73%, which is certainly a positive development.
- Unfortunately, data breaches are increasing in frequency at an even
faster rate.
- The percentage of respondents with data breach or cyber security
insurance policies more than doubled from 2013 to 2014 to 26%. (See this
Doug’s Note for more on cyber security insurance.)
- Preparedness programs often fail to address all consequences of a breach,
including such things as negative public opinion or media reports, loss of
customer and business partner confidence, loss of confidential information
and intellectual property, and notification of victims and regulators.
- Despite the existence of breach preparedness plans, only 30% of
respondents believe theirs is effective.
- Many respondents reported that their preparedness plans have been largely
ignored after they were developed. Reviewing, updating and practicing of
preparedness plans is spotty.
- Only 29% say their board of directors and CEO are “informed and involved”
in plans to deal with a breach.
- Only 36% say that their leadership has asked to be notified immediately
if a material breach occurs.
- Less than half of respondents have invested in technology to detect and
respond to a breach.
- Three quarters of respondents believe that “fire drills” are the most
effective way to enhance the response process.
- Employee training needs to be improved.

The takeaway…

The Ponemon study highlights that, with data breaches occurring with
increasing regularity, it is not enough to simply adopt a preparedness
plan. A plan without effective implementation and ongoing updating is only
marginally better than no plan at all.