Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Sept. 25 — Although more companies have data breach response plans in place, many corporate executives still believe their companies are unequipped to handle the fallout from a breach, according to a survey report on corporate data breach preparedness by Experian Data Breach Resolution and the Ponemon Institute released Sept. 24.
The results of the survey also reveal that the frequency of data breaches is increasing, Michael Bruemmer, vice president of Experian Data Breach Resolution, told Bloomberg BNA Sept. 18 on the sidelines of the combined International Association of Privacy Professionals Privacy Academy and Cloud Security Alliance Congress in San Jose.
The most important takeaway from the survey report is that 27 percent of companies don't have a data breach plan in place, Bruemmer said.
The report was based on 567 surveys of executives at Fortune 500 companies.
Almost half (43 percent) of companies have suffered at least one security incident in the past two years, a figure that is up 10 percent from 2013, according to the report.
Seventeen percent of the survey respondents weren't sure if their company had a breach, Bruemmer pointed out.
Although breach incidents are on the rise, what drew media attention to data breaches over the past year was the number of people affected, Bruemmer said. He pointed to a data breach in South Korea, where personal information from 140 million credit card accounts was stolen from three credit card companies.
Bruemmer said he doesn't expect breaches to decrease or go away in the foreseeable future. More secure credit card technology—known as “chip and PIN”—won't be fully implemented for over a year, and 80 percent of breaches are attributable to human error, he noted.
Seventy-three percent of companies have an incident response plan in place, a figure that is up 12 percent from 2013, Bruemmer said.
The survey also revealed that 48 percent of companies increased investments in security technologies over the past year, according the report. Twenty-six percent of companies have a cybersecurity insurance policy, an increase from 10 percent in 2013, the report said.
However, 68 percent of the survey respondents said they still felt unprepared to handle breaches, a “direct reflection of the frequency and types of threats,” Bruemmer said. Thirty percent felt their company's incident response plan was ineffective, he added.
Bruemmer called breach response an “exercise in building trust with consumers” and said a company's breach communications must be consumer-friendly.
The survey report recommended that: companies frequently review incident response plans and conduct security risk assessments; the board of directors, chief executive officer and chairman play an “active role” in data breach preparation and response; employees receive training on the protection of sensitive data; and companies clearly define data breach response accountability and responsibility.
To contact the reporter on this story: Katie W. Johnson in Washington at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
The report “Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness” is available at http://www.experian.com/assets/data-breach/brochures/2014-ponemon-2nd-annual-preparedness.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)