This is no shock to anyone who has been paying attention to data security: Nearly every organization, no matter its size or location or industry, is at significant risk of a data breach. How significant? Well, if a survey just published by ID Experts, Mitigating the Inevitable: How Organizations Manage Data Breach Exposures, is any indication, most organizations have experienced a data breach whether or not they know it.
According to this report, the majority of data breaches are so small that they go undetected for long stretches of time. And, unfortunately, when they are detected, the majority of organizations don’t have the breach and incident response capabilities on hand to mitigate the damage.
According to the survey, 80% of organizations are concerned with big breach consequences – think things like response costs, customer loss, a hit to their brand reputation, regulatory fines and so on. Earlier this month, I posted about a survey conducted last year that found 59% of enterprises were covered by some form of cybersecurity insurance; this survey found 64%.
“The report indicates that there is a lot of concern about data breach impact and uncertainty about data breach response best practices. Most organizations are not prepared to manage the high-risk, high-threat landscape in which we do business,” said Jeremy Henley, director of breach services at ID Experts, in a statement. “60% of respondents rely solely on the IT department to manage data breach response. However, best practice is a cross-functional team with a combination of specialties to handle a data breach to fully protect the organization and meet privacy and regulatory compliance,” he continued.
Key Findings of the Report
- 80% of all surveyed organizations are concerned about the consequences of a large public data breach. 17% of respondents have experienced a data breach that they are aware of over the previous 12 months. The vast majority of the data breaches experienced are small, consisting of a loss of fewer than 500 records. The median data breach is 100 records.
- Only 45% of respondents believe their company has adequate resources to detect all breaches.
- 75% of respondents have developed an incident response plan but only 42% have tested the plan.
- 60% of respondents said that the information technology (IT) department is responsible for managing the data breach response.
- 64% purchase cyber insurance. The vast majority of breaches fall below the cyber insurance policy deductible. Most organizations use internal resources to manage small breaches. 51% have selected data breach response vendors. 75% prefer to receive all cybersecurity risk services from a single vendor.