Tag: data breach preparedness

Experian has been a sponsor of the Annual Ponemon Data Breach Preparedness Study for nine years. During this time, I’ve seen companies change their operations to address the influx of increasing threats and evolve their infrastructure to prepare and react. Although I’ve had a front-row seat in this fast-changing situation, somehow, every year, the results of this study still surprise and intrigue me. Speaking of Infrastructure, Let’s Talk Supply Chains The 2022 report explores the value of Business Continuity Management (BCM) and Crisis Management plans to minimize a data breach’s consequences. This topic is similar to one highlighted in our 2022 Data Breach Industry Forecast, which echoes that companies and organizations should expect these two areas to gain momentum, a finding based on predictions that natural disasters will continue to complicate supply chains. Also, the Forecast indicates that infrastructure cyberattacks will increase among the electrical grid and transportation networks. This Year’s Surprise Given all that we know and have gathered about data breaches over almost a decade, it was shocking to learn that this year’s Ponemon study found that only 56 percent of organizations have a BCM plan, and 53 percent have a crisis management plan. I seriously thought those numbers would be significantly higher. It goes to show there’s much more opportunity, learning, and preparation to go around. Cyber Threats and Third Parties The 2022 report also demonstrated third parties’ role in data breaches. We saw that third parties in the supply chain were the cause of 50% of reported breaches, which increased to 53% when looking at only U.S.-based companies. This data point is critical because as dependence on third-party vendors increases to improve customer experience, adapt to remote work, or improve operations, companies need to be more diligent in checking the cybersecurity protocols of their partners. If not, vulnerabilities to cyber threats can increase. Also, a lack of adherence to ever-changing government regulations could cause legal troubles. I’ll close with one last point I found interesting: While 91% of organizations have data breach plans in place, only 56% require an audit of third parties, exposing them to a breach. This information illuminates the point that companies need to consider all facets of their business when planning for a data breach – that’s one thing that shouldn’t come as a surprise.

Experian’s 7th Annual Data Breach Preparedness Study is available now, and its findings show organizations struggling in a few areas that are sure to see data breach activity increase this year. New to report this year: we surveyed IT and IT security, compliance, and privacy professionals in both the U.S. and the EMEA to compare the regional differences amongst organizations and their outlook around data breach preparedness. A few themes that stuck out in the study this year were: Spear Phishing and Ransomware 69% of respondents had one or more spear phishing attacks in 2019 Since 2017, respondents who say their organizations are very confident or confident in their ability to deal with spear phishing attacks has declined from 31% to 23% 36% of respondents say their organizations had a ransomware attack last year with only 20% feeling confident in their ability to deal with it The average ransom was $6,128, and 68% of respondents say the ransom was paid Confidence in Data Breach Response Plans From a reputation standpoint, only 23% of respondents say their organization is confident in its ability to minimize the financial and reputational consequences of a material data breach Only 38% of respondents believe they are effective at doing what needs to be done following a data breach to prevent the loss of customers’ and business partners’ trust and confidence Global Data Breaches Only 34% of respondents say they are confident their organizations are able to respond to global breaches, as breaches increasingly become international in scope Read the full results of Experian's 7th Annual Data Breach Preparedness Study and see how you compare to other organizations when it comes to data breach preparedness. Download the full study

Our second annual data breach preparedness study, Is Your Company Ready for a Big Breach?, conducted by the Ponemon Institute, reveals good news and bad news for businesses concerned with data security—and that should be all business. First, the good news: more companies are acting to address data breach risks. The majority (73%) of organizations now have a data breach response plan in place – 12 percent more than in 2012. And nearly half (48%) have boosted investment in security technologies in the past 12 months, aiming to better detect and respond to a data breach. Now, for the not-so-good news: they’re not doing enough, and don’t have confidence in the effectiveness of their current measures. Survey results illustrate that not everyone is taking all the necessary steps to prepare for a data breach: A majority of 78 percent don’t regularly update their data breach response plans to address evolving threats. About two-thirds don’t have trained customer service staff who can respond to customer questions, concerns or complaints if a breach occurs. Only 29 percent of companies involve the CEO in dealing with security risks. Nearly three-quarters don’t have cyber insurance policies. Just 44 percent conducted a technical impact assessment to understand potential fallout from an incident. Less than a third had SIEM systems to facilitate early detection of an incident. 66 percent lack Mobile Device Management (MDM) to protect sensitive information from being pushed to mobile devices. Those who have made provisions don’t necessarily feel more secure because of them: 62 percent don’t feel their organizations are prepared to respond to a data breach. 49 percent didn’t feel they were prepared to respond to the theft of information that would require notification to victims and regulators. Just a quarter were confident they could communicate about a breach and manage customer needs. 40 percent worry about the potential for a third party losing their data. Insider threats concern 56 percent, with 43 percent citing BYOD and cloud services as their top two internal threat concerns. As to post-breach response, we are pleased to see however that companies are well aware of the importance of providing customers involved in a breach with identity theft protection products and access to a call center; in fact, they cited those two as the most important services companies could provide post-breach. Many of the concerns companies expressed over data breach preparedness and response – and in particular, worries over customer communication and regulatory compliance – can be addressed by preparing a response plan and practicing the plan on an ongoing basis.  It’s also important to secure external partners such as legal counsel and a public relations firm, and make a selection of a quality identity protection product to offer affected customers ahead of time.  When a breach occurs, the complete response team and moving parts are ready to allow for a quick and smooth response. Learn more about our Data Breach solutions