Experian finds more than a third of companies are still unprepared to respond to a data breach

Press Release from Experian

COSTA MESA, Calif., March 4, 2019 /PRNewswire/ -- Are companies ready for today's sophisticated cybercriminals and impact of data breaches? Experian® today released its annual corporate preparedness study, Is Your Company Ready for a Big Data Breach?, revealing that progress has been made, but companies need to do better. Conducted by the Ponemon Institute, the findings reveal that only 36 percent of businesses are prepared to respond to a data breach and confidence levels to control growing threats is low.

Experian. (PRNewsFoto/Experian)

The study identified these key areas for improvement:

  • C-Suite Engagement:49 percent of survey respondents say their executives are unknowledgeable about plans to deal with a data breach. A majority (81 percent) feel that increased participation and oversight from senior executives would make their response plan more effective.
  • Security Processes:The biggest barrier to improving security is lack of visibility into end-user access of sensitive information (63 percent) while 60 percent say it's the proliferation of cloud services. Hindering improvement is investment in security technologies with a third not planning any investments in the next year.
  • Employee Training:More than a quarter of organizations (27 percent) don't have a privacy/data protection awareness and training program for employees with access to sensitive or confidential information. Less than half of companies (47 percent) tackle spear phishing attacks.
  • Response Plan:42 percent of professionals surveyed say their company doesn't have a set time period for reviewing and updating their data breach response plan, and 23 percent haven't updated their plan since it was put into place. Less than half (46 percent) have procedures for responding to a data breach involving overseas locations.

"We'd like to see 100 percent of companies prepared and trained to handle any kind of data breach whether it's malware infiltration or ransomware. Prevention is the key, but if an incident occurs, swift management afterward will greatly minimize the damage," said Michael Bruemmer, vice president of Data Breach Resolution at Experian. "Organizations should implement a strong security posture staying up to date with the latest attack threats, engage in pre-breach agreements with security partners and hold a practice drill every year with a dedicated response team."

Lack of preparation leads to low confidence levels

Executives still feel challenged and concerned about being fully prepared for a data breach. Only 52 percent rated their plans as very effective, just a slight increase over 2017 (49 percent). When it comes to responding to a data breach involving business confidential information and intellectual property, only 36 percent feel prepared to respond. More than half (59 percent) aren't confident that they could handle ransomware.

Consequently, businesses continue to struggle with preventing security incidents. The study found that 35 percent had two to three data breaches in the past two years, and approximately 1 out of 10 companies (11 percent) experienced more than five data breach incidents in this timeframe. Among the respondents who had a data breach, 43 percent were global in nature. The report further recognized that businesses are struggling to comply with the General Data Protection Regulation (GDPR) — only 36 percent are following the rule.

After a data breach occurs, companies feel even less confident about managing the aftermath:

  • Less than a quarter (21 percent) feel confident in their ability to minimize the financial and reputational consequences.
  • Only 4 in 10 say they're effective at doing what needs to be done to prevent the loss of customers and keep business partners' trust and confidence after a breach.
  • 53 percent don't have a cyber insurance policy that can help recoup expenses and cover damages.

To read the full complimentary report, visit http://www.experian.com/data-breach/2019-data-breach-preparedness.html.

About Experian
Experian is the world's leading global information services company. During life's big moments — from buying a home or a car, to sending a child to college, to growing a business by connecting with new customers — we empower consumers and our clients to manage their data with confidence. We help individuals to take financial control and access financial services, businesses to make smarter decisions and thrive, lenders to lend more responsibly, and organizations to prevent identity fraud and crime.

We have 16,500 people operating across 39 countries and every day we're investing in new technologies, talented people and innovation to help all our clients maximize every opportunity. We are listed on the London Stock Exchange (EXPN) and are a constituent of the FTSE 100 Index.

Learn more at www.experianplc.com or visit our global content hub at our global news blog for the latest news and insights from the Group.

Experian and the Experian marks used herein are trademarks or registered trademarks of Experian and its affiliates.Other product and company names mentioned herein are the property of their respective owners.

Richard Krueger
1 212 805 3025

Sandra Bernardo
1 949 567 3676

Companies Mentioned in this Press Release:
Business Categories Mentioned in this Press Release: