A newly released report on the preparedness of enterprises to deal with a data breach has found that awareness of data security is the highest it's ever been and more companies are instituting breach response plans to mitigate the effects of a cyberattack.
The study, conducted by the Ponemon Institute and information services group Experian, found that 48 percent of organizations have increased their security technology investments in the last year and 73 percent instituted a data breach response plan during that same time.While companies are doing more to prevent breaches and protect against their effects, the second annual study found that enterprise decision-makers are worried about the effectiveness of the response plans they have in place, the Sacramento Business Journal reported. In the last year, 43 percent of organizations surveyed suffered a data breach, an increase of 10 percent from 2013. Even more troubling, 60 percent of participants reported being hit by multiple data breaches in the last two years, according to MarketWatch, suggesting companies are being targeted repeatedly and are unable to prevent being attacked.
The report went on to reveal that confidence among executives about their companies' abilities to manage a data breach is at an all-time low. More than two-thirds of respondents reported feeling unprepared to respond to a security incident and 30 percent felt their data response plans for such an event were ineffective. Another 62 percent admitted that they didn't have confidence in their abilities to respond to a breach specifically involving confidential business information or intellectual property. A majority of those surveyed said that they'd never updated their security plans to account for new cyberthreats, and those who did make updates didn't do so regularly.
"While more organizations have data breach preparedness on their radar and have developed a response plan, a majority of companies are not putting the support and resources behind having it truly be effective," said Michael Bruemmer, vice president, Experian Data Breach Resolution. "A checklist response plan alone doesn't mean you're prepared.
"There should be an incident response team in place that practices the plan and ongoing investment from the C-suite to ensure technologies are up-to-date, external breach experts are secured, and selection of an identity protection product for affected customers is determined prior to an incident to ensure a quick and smooth response."
The study did discover that executives were aiming to increase the effectiveness of their response plans. Larger security budgets were seen as a necessary tool to combat cyberattacks, with 69 percent of respondents citing additional funding as a requirement to improved response activity. At the same time, 77 percent of participants suggested testing their companies' data breach response procedures more frequently.
While larger security budgets and regularly scheduled tests of defense practices are reliable ways to improve enterprise security, having effective methods in place to begin with is the best way to prevent cyberattacks. One technique that businesses can especially benefit from is managing privileged users and controlling which devices have access to sensitive information and networks. The use of data encryption is a reliable way to ensure only authorized users are able to obtain privileged data.
Security-conscious organizations also trust public key infrastructure to encrypt client information, keeping it out of the hands of malicious actors. PKI is one of the most secure methods of encryption, ensuring security and privacy.