The likelihood that companies will experience a security incident continue to rise every year. While most organizations have put a data breach preparedness plan in place to combat such incidents, most executives aren't updating or practicing the plan regularly, according to study released earlier this month.
"When it comes to managing a data breach, having a response plan is simply not the same as being prepared," Michael Bruemmer, vice president at Experian Data Breach Resolution (which sponsored the study) said in a statement. "Unfortunately many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills."
The Fourth Annual Study: Is Your Company Ready for a Big Data Breach? was conducted by security research firm Ponemon Institute on behalf of Experian Data Breach Resolution. In August , Ponemon surveyed 619 executives and staff employees who work primarily in privacy, compliance and IT security in the U.S.
This year's study found that the number of organizations with a data breach preparedness plan reached 86 percent in 2016, up from 61 percent in 2013. To be sure, Ponemon found a number of positive signs that companies are increasing their preparedness for data breaches:
- 58 percent of respondents say their organizations have increased investment in security technologies in the past 12 months with an eye to detecting and quickly responding to data breaches. That's up from 48 percent in 2014.
- 61 percent of respondents say their organizations have a privacy/data protection awareness and training program in place for employees and other stakeholders who have access to sensitive or confidential personal information. That's up from 44 percent in 2013.
- Companies have come around to the idea that after a breach occurs, they need to take action to keep customers and maintain their reputation. 71 percent of respondents say the best approach is providing free identity theft protection and credit monitoring services, 45 percent say gift cards and 40 percent say discounts on products or services.
Are you really prepared for disaster?
But even as organizations are paying more attention to data breach preparedness, most aren't giving it the attention needed to execute their plans successfully when the time comes. Ponemon found that 38 percent of organizations have no set time period for reviewing and updating their plan and 29 percent have not reviewed or updated their plan since it was first put in place. Only 27 percent of organizations surveyed felt confident in their ability to minimize the financial and reputational consequences of a breach, and 31 percent lacked confidence in dealing with an international incident.
Sign up for Computerworld eNewsletters.