March 4, 2019

Data breach incidents remain high as two thirds of companies unprepared

By Lucy Ingham

Despite growing regulation and awareness around data breaches, the majority of companies are still not prepared, and many have been hit by multiple data breach incidents.

According to research by The Ponemon Institute for Experian, one in ten companies have had more than five data breach incidents in the last two years. A further 35% have suffered between one and three data breaches over the same period.

The research, which is published today in a study entitled Is Your Company Ready for a Big Data Breach?, also found that just 36% of companies felt they were prepared to respond to a data breach involving confidential business information, while the same proportion were in compliance with GDPR.

59% also do not feel they would be able to handle a ransomware incident.

Data breach incidents and the role of the C-suite

Central to a lack of preparedness for data breach incidents is the role of senior executives.

49% of those surveyed did not believe their company’s senior executives knew about plans to deal with a data breach – a particularly concerning statistic given the financial and reputational damage such a breach can cause.

81% also felt that if senior executives were more involved in response plans for data breaches, their wider company would be better prepared.

These response plans are also often less than ideal. 42% said their company had no time period for reviewing and updating such plans, with 23% having never updated them.

54% also had no plans in place for data breaches that took place overseas.

“We’d like to see 100% of companies prepared and trained to handle any kind of data breach whether it’s malware infiltration or ransomware. Prevention is the key, but if an incident occurs, swift management afterward will greatly minimise the damage,” said Michael Bruemmer, vice president of data breach resolution at Experian.

“Organisations should implement a strong security posture staying up to date with the latest attack threats, engage in pre-breach agreements with security partners and hold a practice drill every year with a dedicated response team.”