Login Register Subscribe
Current Issue

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

More companies form data breach response plans

Reprints

More companies are introducing data breach response plans, but relatively few have confidence in their effectiveness, says a study issued Tuesday by the Ponemon Institute L.L.C.

In findings that bear a close resemblance to those a year ago, the survey by the Traverse City, Michigan-based data security research firm of 600 executives, which was conducted in September, found that while 81% of executives have a data breach plan, compared with 61% in 2013, just 34% said they are either “very effective” or “effective.” This compares with the 30% who gave this response in 2014's survey.

“Thus, major gaps remain in how they are comprehensively preparing for a data breach,” says “Third Annual Study: Is Your Company Ready for a Big Data Breach?” which was sponsored by Experian Data Breach Resolution, a unit of Costa Mesa, California-based Experian Information Solutions Inc.

A total of 35% of respondents said their organization purchased data breach or cyber insurance policies, compared with 26% in 2014 and 10% in 2013's study.

Asked to cite the two most important reasons to purchase the insurance, the responses were: C-level executives and board members believe it is important, cited by 50%; it provides resources to help the organization understand cyber threats, 49%; access to expertise, 44%; a pre-vetted list of qualified provider and consultants, 31%; and more favored rates with third parties who help respond to the data breach, 23%.

Among other survey findings, 39% of respondents said their boards, chairmen and CEOs are involved in the issue at a high level, compared with 29% in 2014.

“Data breach response plans are often missing crucial steps,” says the report, however. For instance, it states that despite a rise in international data breaches and the number of companies operating overseas, 37% of respondents do not address procedures for responding to a data breach involving an overseas location.

The study also found that among companies that provide employee security training, 40% conduct it only once, and 31% do so sporadically.