Experian has been a sponsor of the Annual Ponemon Data Breach Preparedness Study for nine years. During this time, I’ve seen companies change their operations to address the influx of increasing threats and evolve their infrastructure to prepare and react. Although I’ve had a front-row seat in this fast-changing situation, somehow, every year, the results of this study still surprise and intrigue me.
Speaking of Infrastructure, Let’s Talk Supply Chains
The 2022 report explores the value of Business Continuity Management (BCM) and Crisis Management plans in minimizing a data breach’s consequences. This topic is similar to one highlighted in our 2022 Data Breach Industry Forecast, which says that companies and organizations should expect these two areas to gain momentum, a finding based on predictions that natural disasters will continue to complicate supply chains. The Forecast also indicates that infrastructure cyberattacks against the electrical grid and transportation networks will increase.
This Year’s Surprise
Given all that we know and have gathered about data breaches over almost a decade, it was shocking to learn that this year’s Ponemon study found that only 56 percent of organizations have a BCM plan, and 53 percent have a crisis management plan. I seriously thought those numbers would be significantly higher. It goes to show there’s much more opportunity, learning, and preparation to go around.
Cyber Threats and Third Parties
The 2022 report also demonstrated third parties’ role in data breaches. Third parties in the supply chain were the cause of 50% of reported breaches, a figure that rises to 53% when looking at only U.S.-based companies.
This data point is critical because as dependence on third-party vendors increases to improve customer experience, adapt to remote work, or improve operations, companies need to be more diligent in checking the cybersecurity protocols of their partners. If not, vulnerabilities to cyber threats can increase. Also, a lack of adherence to ever-changing government regulations could cause legal troubles.
I’ll close with one last point I found interesting: While 91% of organizations have data breach plans in place, only 56% require an audit of third parties, exposing them to a breach.
This information illuminates the point that companies need to consider all facets of their business when planning for a data breach – that’s one thing that shouldn’t come as a surprise.