COSTA MESA, Calif.,
Oct. 5, 2016 /PRNewswire/ -- While
most organizations have a data breach preparedness plan in place,
data indicates that executives are not updating or practicing the
plan regularly and lack confidence in its effectiveness. These
revealing findings are according to the just-released study Is
Your Company Ready for a Big Data Breach?, sponsored
by Experian Data Breach Resolution and conducted by the
Ponemon Institute.
The fourth annual study shows that data breach preparedness
certainly is on companies' radar, and having a response plan in
place is par for the course. The number of organizations with a
plan increased from 61 percent in 2013 to 86 percent in 2016.
However, despite this strong majority of companies that now have a
response plan in place, 38 percent of organizations surveyed have
no set time period for reviewing and updating it, and 29 percent
have not reviewed or updated their plan since it was put in place.
Furthermore, only 27 percent of organizations surveyed are
confident in their ability to minimize the financial and
reputational consequences of a breach, and 31 percent lack
confidence in dealing with an international incident.
To access the full complimentary report, visit
http://bit.ly/PreparednessStudy.
"When it comes to managing a data breach, having a response plan
is simply not the same as being prepared," said Michael Bruemmer, vice president at Experian
Data Breach Resolution. "Unfortunately many companies are simply
checking the box on this security tactic. Developing a plan is the
first step, but preparedness must be considered an ongoing process,
with regular reviews of the plan and practice drills."
The lack of planning is especially troublesome when considering
the rise of new threats in the marketplace, such as ransomware. In
fact, the study showed that 56 percent of surveyed organizations
are not confident that they could deal with a ransomware incident.
Additionally, only 9 percent of survey respondents have determined
under what circumstances they would pay to resolve a ransomware
incident.
"Investing in breach preparedness is like planning for a natural
disaster. You hope it will never happen, but just in case, you
invest time and resources in a response plan so your company can
survive the storm," added Bruemmer.
Additional key study findings further demonstrate the divide
between plan creation and true data breach preparedness:
The good: Companies show an increase in the
level of preparedness
- 58% of surveyed organizations (compared with 48% in 2014) have
increased their investment in security technologies in the past 12
months in order to be able to detect and respond quickly to a data
breach.
- 61% of surveyed organizations (compared with 44% in 2013) have
a privacy/data protection awareness and training program for
employees and other stakeholders who have access to sensitive or
confidential personal information.
- Companies understand that they need to take action after a
breach occurs to keep customers and maintain their reputation. To
do so, those surveyed believe the best approaches are providing
free identity theft protection and credit monitoring services
(71%), gift cards (45%), and discounts on products or services
(40%).
The bad: Missteps and signs of complacency
- Among those organizations surveyed that do not practice their
plan (26%), a majority (64%) don't practice because it is not a
priority.
- Only 38% of companies surveyed have a data breach or cyber
insurance policy. Of those that do not have such a policy, 40% have
no plans to purchase one.
- Less than half (46%) of survey respondents have integrated
response plans into their business continuity plans, and only 12%
meet with law enforcement or state regulators in advance of an
incident.
- Only 39% of organizations surveyed practice their plan at least
twice a year.
For additional data breach resources, including webinars, white
papers and videos, visit http://www.experian.com/databreach. Read
the Experian Data Breach Resolution blog at
http://www.experian.com/blogs/data-breach/.
About Experian Data Breach Resolution
Experian Data
Breach Resolution, powered by the nation's largest credit bureau,
is a leader in helping businesses prepare for a data breach and
mitigate consumer risk following breach incidents. With more
than a decade of experience, Experian Data Breach Resolution has
successfully serviced some of the largest and highest-profile data
breaches in history. The group offers swift and effective
incident management, notification, call center support and fraud
resolution services while serving millions of affected consumers
with proven credit and identity theft protection products. Experian
Data Breach Resolution is active with the International Association
of Privacy Professionals, NetDiligence, Advisen and the Ponemon
Institute RIM Council and is a founding member of the Medical
Identity Fraud Alliance. For more information, visit
http://www.experian.com/databreach and follow us on Twitter
@Experian_DBR.
About Experian
We are the leading global information services company, providing
data and analytical tools to our clients around the world. We help
businesses to manage credit risk, prevent fraud, target marketing
offers and automate decision-making. We also help people to check
their credit report and credit score and protect against identity
theft. In 2016, for the third year running, we were named one of
the "World's Most Innovative Companies" by Forbes
magazine.
We employ approximately 17,000 people in 37 countries and our
corporate headquarters are in Dublin,
Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
Experian plc is listed on the London Stock Exchange (EXPN) and
is a constituent of the FTSE 100 index. Total revenue for the year
ended March 31, 2016, was
US$4.6 billion.
To find out more about our company, please
visit http://www.experianplc.com or watch our
documentary, "Inside Experian."
Experian and the Experian marks used herein are trademarks or
registered trademarks of Experian Information Solutions, Inc. Other
product and company names mentioned herein are the property of
their respective owners.
Contacts:
Jocelyn
Kemly
Edelman
1 206 664 8616
jocelyn.kemly@edelman.com
Sandra A. Bernardo,
APR
Experian Data Breach Resolution
1 949 567
3676
sandra.bernardo@experianinteractive.com
Photo -
http://photos.prnewswire.com/prnh/20161004/415055
Logo -
http://photos.prnewswire.com/prnh/20130131/LA51658LOGO
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/companies-are-complacent-and-lack-confidence-when-it-comes-to-data-breach-preparedness-according-to-a-new-study-300339176.html
SOURCE Experian Data Breach Resolution