Data privacy survey respondents indicate organizationwide breaches are on the rise

March 23, 2018
Medicare Web

More than half (56%) of the respondents to Ponemon Institute’s Fifth Annual Data Breach Preparedness Study, sponsored by Experian Data Breach Resolution, reported experiencing an organizationwide breach. Of these respondents, 51% reported that their organization’s data response plan is not very effective.

The number of respondents experiencing an organizationwide breach has increased by 4% since last year. The 2018 study reviewed responses from 624 executives and staff working in privacy, compliance, and IT security in the U.S. The reasons why 51% of respondents do not rate their breach response plan as very effective include:

  • 75%, the inability to minimize the financial and reputational consequences of a material data breach
  • 64%, the inability to prevent negative public opinion, blog posts, and media reports
  • 60%, the inability to prevent the loss of customers’ and business partners’ trust and confidence
  • 60%, being unprepared to respond to a data breach involving business confidential information and intellectual property

Respondents were allowed to submit multiple answers. Findings revealed that of the companies that have a data breach notification plan (88%), many respondents (40%) have no established time period for reviewing and updating the plan. In fact, 26% reported not reviewing or updating the plan since it was put in place. The remaining respondents reported that company updates occur either once each year (27%), twice per year (5%), or quarterly (2%).

Requirements in company data breach response plans include:

  • Contact information for all members of the data breach response team (94%)
  • Required C-level approval of the data breach response plan (75%)
  • Procedures for communicating with state attorneys general and regulators (69%)
  • Procedures for communicating with employees when a data breach occurs (55%)
  • Procedures for communications with investors (50%)
  • Procedures for communications with business partners and other third parties (46%)

The top three solutions suggested by respondents to increase the effectiveness of data breach response plans were conducting more drills to practice data breach response (85%), increasing participation and oversight from senior executives (80%), and assigning individuals with a high level of security expertise to the team (75%).
