“The Fifth Annual Study: Is Your Company Ready for a Big Data Breach?,” sponsored by Experian Data Breach Resolution and conducted by the Ponemon Institute, analyzes the progress companies have made in preparing for a major cyberattack. Preparedness has never been more important with the threat of breach on the rise: of the organizations represented in this year’s study, 56 experienced a breach compared to 52 percent last year.
While threats show no sign of slowing, organizations can help mitigate the risk of an attack by taking a proactive approach to data breach preparedness. We’ve called out some of the key takeaways from this year’s report below:
- Good governance in data breach preparedness starts at the top. The success of any data breach response plan begins with close involvement from the executive team. However, only 48 percent of respondents say their company’s C-suite executives are informed about their data breach response plan and only 39 percent know that one even exists. With senior leadership engagement, response plans receive the backing and resources needed for proper development and testing.
- Data breach response plans need to be reviewed to be effective. The study saw a significant gap between completing and actually practicing a breach preparedness plan. Though 88 percent of respondents say their organization has a data breach response plan in place, 66 percent have no scheduled time to update or review them. This is despite the fact that most respondents understand that practice makes perfect; 85 percent say conducting more data breach drills will increase their plan’s effectiveness.
- Work with third parties and vendors to minimize cyber threats. Businesses must think not only about their own cybersecurity defenses, but also how an attack on a vendor would affect them. Ninety-five percent of respondents say their companies take steps to minimize the consequences of a data breach involving a business partner or other third party. Organizations can gain a better understanding of the cybersecurity capabilities of vendors or partners by requiring third parties to complete detailed questionnaires about their security practices or conduct security audits and tests to help assess the strength of their defenses.
- Apply best practices in data breach preparedness. Acting swiftly and strategically following a data breach is critical to regaining security and maintaining stakeholder confidence. The study found that 19 percent of the total respondents feel their organizations’ data breach response plan is highly effective. New to the study this year, analyzing this group of “high performers” revealed those that feel more confident in their data breach response plan also feel more confident in their ability to prevent negative public opinion, minimize the loss of trust and respond to the loss of their intellectual property.
Data breach preparedness is a critical component of doing business in the modern era. The findings in this year’s study shed light into the most overlooked areas leaving organizations vulnerable to attack. Companies must take action to tackle these issues head-on by incorporating greater leadership involvement and awareness at every level of the organization. With the threat of a data breach continuing to increase, a detailed data breach response plan that is continually practiced and revisited throughout the year is no longer optional, but essential.