As the threat of data breaches continues to rise, organizations appear to be stagnating in their confidence about breach response preparedness.
According to Ponemon Institute's fourth annual study "Is Your Company Ready for a Big Data Breach," sponsored by Experian Data Breach Resolution, 59 percent of survey respondents said they were confident in their ability to respond to the theft of sensitive and confidential information requiring notification to victims and regulators, up from 51 percent in 2014.
The study compiled answers from 619 executives and employees working in privacy, compliance and IT security in the U.S.
Here are six more findings from the study on organizations' preparedness and confidence in responding to a breach.
1. The majority of respondents (86 percent) said their company has a data breach plan, but just 42 percent say the plan is effective or very effective. Last year, 34 percent of respondents said their data breach plan was effective or very effective.
2. While 59 percent of respondents said they are confident in their ability to respond to the theft of sensitive and confidential information that requires notifying victims and regulators, just 41 percent said they are confident in their ability to respond to a breach involving business confidential information and intellectual property. What's more, just 27 percent said they are confident in their ability to minimize the financial and reputational consequences of a material data breach.
3. While senior leadership is critical in data breach response plans, 57 percent of respondents said their board of directors, chairman and CEO are not involved in plans to mitigate a potential data breach. Just 26 percent of respondents believe their board is willing to assume responsibility for successfully executing an incident response plan.
4. Less than one-quarter of respondents said they update their data breach response plan on a yearly basis.
5. Ransomware is a growing threat to organizations, but just over half — 55 percent — of respondents report actively protecting against this type of malware, and just 17 percent said their companies educate employees about the risk of ransomware.
6. Companies are, however, more actively auditing third party's security procedures. In 2015, 39 percent of organizations required such audits, but 50 percent required them in 2016. Additionally, 93 percent of organizations require third parties and business partners to notify them if/when they have a breach, and 80 percent require third parties to have an incident response plan that they can review.
More articles on cybersecurity:
J&J warns patients about cybersecurity vulnerabilities in insulin pump
This cybersecurity expert was shut down by hackers
Thoughts on big threats for hospitals today