While “set it and forget it” may be a great philosophy for a convection oven or programmable thermostat, it should never be your approach to a data breach response plan. Yet a stunning number of companies are acting as if their plans are on autopilot.
In our Second Annual Study on Data Breach Preparedness, the Ponemon Institute found that 37 percent of surveyed organizations said they had not reviewed or updated their data breach response plan since creating it. Another 41 percent said they have no set time for reviewing or updating their plan. Fourteen percent review it once a year and just 3 percent review quarterly.
On a positive note, the study showed that more companies than ever are creating plans, and awareness is high regarding the importance of being prepared to deal with a data breach. The number of companies with a data breach response plan increased 12 percent between 2013 and 2014, with 73 percent of this year’s respondents reporting they have a plan in place. More companies also now have a data breach response team – 72 percent in 2014.
That’s very good news considering that data breaches are occurring more frequently. The number of companies reporting a data breach increased 10 percent, with 43 percent reporting breaches, and 60 percent saying their company had experienced more than one breach in the past two years.
With more breaches occurring and cyber-attacks in constant flux, cyber criminals seem to develop new tactics on an almost-daily basis. To be effective, a data breach response plan must be as flexible and dynamic as the situations it’s supposed to address. Reviewing, updating and practicing your data breach response plan should happen regularly – far more often than quarterly – and certainly not never!
Improving data breach response requires continual review of your response plan, fire drills to test how well it works, adequate budget to administer and maintain the plan, and more oversight from senior executives. One more piece of good news – it seems companies are aware of what needs to be done to improve their data breach response. In our survey, 77 percent said conducting more fire drills and practicing breach response was the single-most important step they could take toward owning a more effective data breach response.
The full survey report is available for free download here.
Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.