Much like washing the dishes after a good meal, the cleanup after a data breach can get nasty. Unfortunately, many businesses do not seem to be getting it right.
According to a new study from the Ponemon Institute and the Experian Data Breach Resolution, the majority of companies experiencing or anticipating business disruptions due to a serious data breaches still struggle to take the proper measures to mitigate damage in the aftermath of an incident.
Among the study’s findings, 39 percent of the 471 respondents said they have not developed a formal incident breach preparedness plan even after experiencing a breach, and just 10 percent of organizations said they have data breach or cyber insurance. In addition, only 21 percent of respondents have a communications team trained to assist in responding to victims, even though 75 percent said they expect to or have had a breach that results in negative media coverage and public opinion.
“A majority of companies we surveyed indicate they have already or are very likely to lose customers and business partners, receive negative publicity and face serious financial consequences due to a data breach,” said Michael Bruemmer, vice president at Experian Data Breach Resolution, in a statement. “Yet, despite understanding the consequences, many companies struggle to take the right steps to mitigate the fallout following an incident, demonstrating a need for better awareness and investment in the tools that can alleviate negative customer perceptions.”
The majority of the organizations also said they lack mechanisms to verify that contact with each victim was made, and only 38 percent have mechanisms for working with victims in special circumstances.
From a technological standpoint, only 36 percent said they have the tools or technologies to assess the size and impact of a data breach, while just 19 percent have advanced forensics to determine the nature and root causes of cyber-attacks. Only 25 percent said they have the ability to ensure the root cause of the data breach was fully contained.
The statistics are all the more troubling because 76 percent of the respondents believe their organization either will or already has had a material data breach resulting in the loss of customers and business partners.
“The study findings show that organizations need to prioritize preventing future breaches and better manage post-breach response,” said Dr. Larry Ponemon , chairman and founder of the Ponemon Institute, in a statement. “In addition to improving technical safeguards, it’s clear that companies also should focus more attention on meeting the needs of affected consumers that suffer a data breach.”
