Almost Three Quarters of Companies Unprepared for Data Breaches
A day after the Department of Justice released new guidelines for responding to data breaches, the results of a survey conducted by EiQ Networks, a provider of security, risk, and compliance solutions, confirm the need for assistance. Nearly three-quarters (72%) of respondents claimed they were not prepared for a data breach.
The survey polled 168 IT decision-makers, with the sample including respondents from a range of industries. The data suggests IT staff do not have much confidence in either the defenses they have employed or how their organizations will deal with a data breach when it occurs.
There were numerous problems highlighted by the survey, with a general lack of resources cited as one of the main issues. IT departments simply do not have the staffing levels required to safeguard systems and prevent data breaches, but 62% of respondents claimed their main concern was a lack of process – or only a partial process – to protect their company. Inadequate checks were being conducted to determine whether a security incident had actually occurred, and there was a lack of confidence in the breach response policies.
IT professionals were asked about the measures they had implemented to secure data and it is worrying that only 6 out of 10 companies are using log management, and 29% appear not to be using anti-virus software.
Measures Used to Protect Data
- Traditional network server Firewall – 86%
- Anti-virus software – 71%
- IDS/IPS technologies – 59%
- Log management – 58%
- SIEM – 44%
Despite these measures being employed, only 15% of respondents had confidence in their employer’s systems’ ability to identify a security breach and in their company’s breach response policies. 72% said their IT infrastructure was not well protected.
The use of security technology is believed to be effective at stopping cyber security threats, with 85% confident or somewhat confident that it will stop attacks, although only 27% were confident that the technology employed would work.
Main Concerns About IT Security
Respondents appeared to be more concerned about the effect that a data breach would have on their reputation than the costs of a data breach. While costs will be incurred as a result of a breach, 68% believed the loss of trust and effect on their reputation would be more significant than the cost.
Those costs can, however, have a devastating effect. 13% claimed they would be unlikely to survive a data breach and 19% said they could only withstand a “small financial hit”.
The areas of the IT infrastructure that were causing the most concern were the network perimeter (23%), endpoints (21%), and web applications (14%). When asked to prioritize the security initiatives they were implementing, the most important were deemed to be:
1. Network monitoring
2. Anti-virus software
3. Data encryption technology
4. Dedicated IT security professional
5. Cyber insurance policy
6. Provider of managed services