Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Many Organizations Not Ready for Data Breach Cleanup, Study Finds

Much like washing the dishes after a good meal, the cleanup after a data breach can get nasty. Unfortunately, many businesses do not seem to be getting it right.

Much like washing the dishes after a good meal, the cleanup after a data breach can get nasty. Unfortunately, many businesses do not seem to be getting it right.

According to a new study from the Ponemon Institute and the Experian Data Breach Resolution, the majority of companies experiencing or anticipating business disruptions due to a serious data breaches still struggle to take the proper measures to mitigate damage in the aftermath of an incident.

Among the study’s findings, 39 percent of the 471 respondents said they have not developed a formal incident breach preparedness plan even after experiencing a breach, and just 10 percent of organizations said they have data breach or cyber insurance. In addition, only 21 percent of respondents have a communications team trained to assist in responding to victims, even though 75 percent said they expect to or have had a breach that results in negative media coverage and public opinion.

“A majority of companies we surveyed indicate they have already or are very likely to lose customers and business partners, receive negative publicity and face serious financial consequences due to a data breach,” said Michael Bruemmer, vice president at Experian Data Breach Resolution, in a statement. “Yet, despite understanding the consequences, many companies struggle to take the right steps to mitigate the fallout following an incident, demonstrating a need for better awareness and investment in the tools that can alleviate negative customer perceptions.”

The majority of the organizations also said they lack mechanisms to verify that contact with each victim was made, and only 38 percent have mechanisms for working with victims in special circumstances.

From a technological standpoint, only 36 percent said they have the tools or technologies to assess the size and impact of a data breach, while just 19 percent have advanced forensics to determine the nature and root causes of cyber-attacks. Only 25 percent said they have the ability to ensure the root cause of the data breach was fully contained.

The statistics are all the more troubling because 76 percent of the respondents believe their organization either will or already has had a material data breach resulting in the loss of customers and business partners.

“The study findings show that organizations need to prioritize preventing future breaches and better manage post-breach response,” said Dr. Larry Ponemon , chairman and founder of the Ponemon Institute, in a statement. “In addition to improving technical safeguards, it’s clear that companies also should focus more attention on meeting the needs of affected consumers that suffer a data breach.”

Written By

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...