While many companies have taken impressive steps in an effort to prepare themselves for the likely inevitability of a data breach, a new study from Experian found that more work needs to be done.
To understand what organizations have done, are doing and still need to do to be ready for a big data breach, Experian commissioned the Ponemon Institute to conduct a study, the results of which have been published in its annual corporate preparedness study, Is Your Company Ready for a Big Data Breach?
According to the results, there are several steps companies need to take in order to improve, as "only 36% of businesses are prepared to respond to a data breach and confidence levels to control growing threats are low."
In order to effectively improve data breach readiness, the study found that the C-Suite needs to be more engaged. Of the survey respondents, 49% said their executives lack an awareness about plans to deal with a data breach. In addition, the report noted that 81% of respondents believe that increased participation and oversight from senior executives would make their response plan more effective.
Additional factors that would improve data breach readiness include increased visibility and employee training. The study found that 63% of respondents are handicapped by the lack of visibility into end-user access of sensitive information. Also hindering progress is the finding that 27% of organizations don’t have a privacy or data protection awareness and training program for employees that have access to sensitive or confidential information.
Despite the escalating number of credential stuffing and business email compromise attacks, less than half of participating companies (47%) tackle spear phishing attacks as part of their training.
"We'd like to see 100 percent of companies prepared and trained to handle any kind of data breach, whether it's malware infiltration or ransomware. Prevention is the key, but if an incident occurs, swift management afterward will greatly minimize the damage," said Michael Bruemmer, vice president of data breach resolution at Experian, in a press release.
"Organizations should implement a strong security posture staying up to date with the latest attack threats, engage in pre-breach agreements with security partners and hold a practice drill every year with a dedicated response team."