U.S. Businesses On Alert After Data Breaches
While the number of companies affected by data breaches is on the rise, so, too, is awareness of the problem, new research finds.
Even though major retailers like Target and Home Depot made the most headlines in the past year because of data breaches, companies of all sizes face similar dangers. Overall, 43 percent of U.S. businesses suffered at least one cybersecurity incident this year, up 10 percent from 2013, according to a study from the Ponemon Institute, which conducts independent research on privacy, data protection and information security policy, and Experian Data Breach Resolution.
These incidents have data security in U.S. businesses at an all-time high. Nearly three-quarters of the businesses surveyed now have a data breach response plan in place, up 12 percent from last year. Additionally, 48 percent of organizations have increased their investment in security technologies in the past 12 months.
Since employee errors are a frequent cause of data breaches, more and more businesses provide their staffs with data security training. The study discovered that 54 percent of companies have privacy and data-protection awareness training for employees and other stakeholders, up 10 percentage points from 2013.
Additionally, the number of companies investing in cyberinsurance is also rising. This year, 26 percent of the organizations surveyed purchased data breach insurance this year, which is more than double from a year ago.
"Compared to last year's study results, survey findings show encouraging signs that organizations are beginning to better prioritize data breach prevention, but more needs to be done," Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.
Despite the number of companies putting response plans in place, executives remain concerned about their ability to handle a major breach. Specifically, 68 percent of the executives surveyed said they feel unprepared to respond to a data breach, with 30 percent saying the data breach plan they have is ineffective. [Small Business Data Breach: Mitigating the Damage ]
In addition, nearly 80 percent of company executives said their organization hasn't or doesn't regularly update its response plan to account for changes in threats or in the business's processes.
"Companies should be careful of not becoming complacent because they have a response plan in place or [because they] just completed a security audit," Ponemon said. "Preparedness requires ongoing maintenance and diligence."
Executives want their organizations to take a number of actions in order to strengthen their company's security response plans. The research revealed that 70 percent of executives said they want more oversight and participation from board members, chairman and CEOs for data-breach preparedness, while 69 percent indicated they could use more funding.
Also, 77 percent said more "fire drills" to practice data-breach response would be helpful. Michael Bruemmer, vice president of Experian Data Breach Resolution, said simply having a checklist response plan doesn't by itself prepare a business for a security incident.
"There should be an incident response team in place that practices the plan, and ongoing investment from the [senior executives] to ensure technologies are up to date," Bruemmer said.
The study was based on surveys of 567 executives in the United States. The majority of those surveyed had titles of director, manager or supervisor.
Originally published on Business News Daily