A new study shows that 43% of companies experienced a data breach in the last year, fueling concern about information protection and privacy. Released yesterday by Experian Data Breach Resolution and the Ponemon Institute, the study found that the number of breach incidents is growing quickly – 60% of respondents said their company experienced more than one data breach in the past two years, compared to 52% the previous year.
On a positive note, businesses recognize the growing threat and are attempting to be more prepared. The study found that nearly three-quarters of businesses (73%) currently have data breach response plans and teams in place, a 12% increase from last year.
However, 68% still said they felt unprepared to respond to a data breach, and 78% admitted they don’t regularly update their data breach response plans to deal with changing threats.
“While more organizations have data breach preparedness on their radar and have developed a response plan, a majority of companies are not putting the support and resources behind having it truly be effective,” said Michael Bruemmer, vice president of Experian Data Breach Resolution. “A checklist response plan alone doesn’t mean you’re prepared. There should be an incident response team in place that practices the plan and ongoing investment from the C-suite to ensure technologies are up-to-date, external breach experts are secured, and selection of an identity protection product for affected customers is determined prior to an incident to ensure a quick and smooth response.”
Research from the Ponemon Institute indicates mistakes made by employees are a frequent cause of data breaches. More than half of businesses (54% compared to 44% last year) are conducting privacy and data protection awareness training for employees and others with access to sensitive personal information. However, only a third of companies (34%) have provided training to customer service personnel on how to answer customer concerns in the wake of a data breach.
The study stressed the importance of having a formal incident response plan in place. According to the institute, the average cost for each lost or stolen record is $201. With a plan, the average cost is reduced by $17 per record, and reduced by another $10 with a chief information security officer (CISO) in place. The average cost of a data breach to a U.S. company is $3.5 million.
The survey, which was administered this year, contained responses from 567 executives in the U.S.