Survey: Companies Across Industries Don’t Learn from Breaches

Register now

A new multi-industry survey shows many companies don’t sufficiently take steps to improve security and mitigate future incidents following a significant data breach.

Security research firm Ponemon Institute conducted the survey of 471 respondents, with health care among the most represented industries, under contract with the data breach resolution unit of Experian, a credit bureau. All responding organizations had experienced at least one breach, with 52 percent having two or more.

Three quarters of the organizations have had a material breach that resulted in negative media coverage and public opinion, and loss of customers and business partners. However, nearly 40 percent of surveyed organizations have not developed a formal breach preparedness plan even after having a breach. Only 10 percent have data breach or cyber liability insurance and large majorities do not provide clear communication and notification to breach victims.

Security tools widely unused among responding organizations include encryption and forensics capabilities to understand the nature and extent of a breach. On 25 percent have tools to ensure the root cause of a breach has been fully contained, according to the survey.

A report on survey results, “Is Your Company Ready for a Big Data Breach?” is available here. Registration is required.

For reprint and licensing requests for this article, click here.