Data Breach Response: A Must For Every Company, And More Businesses Are Getting The Message
Experian and the Ponemon Institute have released a second survey in a now annual research project indicating more companies are prepared for a data breach, with most incorporating cyber insurance in their planning.
The study, reported on October 3 by the Insurance Information Institute (I.I.I.) surveyed 567 executives in the United States, and discovered that close to three out of four companies (73 percent) now have response plans in place in the event of a data breach. This figure is from 61 percent in 2013. In keeping with these numbers, 72 percent said they have a data breach response team in place, an increase from 2013’s 67 percent statistic.
Cyber insurance by the companies has more than doubled, with more than one in four (26 percent) admitting to having a data breach or cyber insurance policy. While this isn’t close to a majority at present, it does represent a one-year climb from 10 percent in 2013. Sixty-eight percent remain uncovered while six percent of participants were uncertain as to whether their company had a policy.
In spite of the attempt that many companies are making towards preparedness, it’s pretty clear from the responses that the executives don’t have faith in their efforts. Despite having data breach plans in place, less than one-third (30 percent) graded their companies as “effective” or “very effective” in development and execution, the survey found.
The major reason that plans lacked effectiveness was that they were largely ignored after creation. In other words, there was no ongoing implementation plan – just a rudimentary plan that did not evolve to meet the needs of continuing threats.
Around 41 percent of the participants were not reviewed or updated on a regular basis; 37 percent said the plans were not reviewed or updated since creation.
The findings were especially disturbing since 60 percent of those surveyed said their company had been victimized by more than one data breach over a two-year period, an eight percent increase from 2013. Close to half (43 percent) said a data breach had targeted their company in the last year, a 10-percent rise from 2013.
1. Threats evolve; so should action plans.
The problem with many companies is that they get so focused on core objectives, they tend to treat cyber threats as afterthoughts instead of legitimate causes for concern. They have yet to make peace with the fact that dealing with data breach threats should be a regular budget line item. If there is one thing for certain, it’s that hackers and thieves are always finding new ways to exploit technology for their own personal gain. Companies need to beat these individuals at their own game by employing pros who stay out ahead of threats and position the business accordingly.
2. The low rate of cyber insurance coverage is entirely unacceptable.
Considering all the ways cyber insurance protects a business from the fallout of a data breach or cyber attack, it’s surprising to say the least that so few companies find it worthy of purchasing. Cyber insurance can pay claims whenever a breach occurs; it can provide resources for data breach response; and it can close gaps between traditional coverage and financial need. While most large corporations are aware of the cyber insurance necessity, small business owners tend to overlook this vital component to their safety.
3. The dangers are not going away.
Data breaches and cyber attacks are here to stay. They are an unfortunate reality of doing business in the 21st Century. As the study shows, there are more attacks happening every year, and they are profitable whether levied on a giant company or a small business. In fact, since small businesses are so ill-protected, it can often be more profitable going after them. They’re essentially easier marks.
The study definitely shows room for improvement when it comes to guarding against a data breach or cyber attack. If you are a small business owner or the head of a major company, it’s better to create a plan of action today and include cyber insurance as a vital part of it. The days of waiting until an attack occurs to do anything should be over. There is entirely too much at stake not to be vigilant.