The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Almost Three Quarters of Companies Unprepared for Data Breaches

A day after the Department of Justice released new guidelines for responding to data breaches, the results of a survey conducted by EiQ Networks, a provider of security, risk, and compliance solutions, confirm the need for assistance. Nearly three-quarters (72%) of respondents claimed they were not prepared for a data breach.

The survey was conducted on 168 IT decision-makers, with the sample including respondents from a range of industries. The data suggests IT staff do not have much confidence in either the defenses they have employed or how their organizations will deal with a data breach when it occurs.

The survey highlighted numerous problems, with a general lack of resources cited as one of the main issues. IT departments simply do not have the staffing levels required to safeguard systems and prevent data breaches, but 62% of respondents claimed their main concern was a lack of process – or only a partial process – to protect their company. There were inadequate checks being conducted to determine whether a security incident had actually occurred, and a lack of confidence in the breach response policies.

IT professionals were asked about the measures they had implemented to secure data, and it is worrying that only 6 out of 10 companies are using log management, and 29% appear not to be using anti-virus software.


Measures Used to Protect Data

  • Traditional network server Firewall – 86%
  • Anti-virus software – 71%
  • IDS/IPS technologies – 59%
  • Log management – 58%
  • SIEM – 44%

Despite these measures being employed, only 15% of respondents had confidence in their employer’s systems’ ability to identify a security breach and in their company’s breach response policies. 72% said their IT infrastructure was not well protected.

The use of security technology is believed to be effective at stopping cyber security threats, with 85% confident or somewhat confident that it will stop attacks, although only 27% were confident that the technology employed would work.

Main Concerns About IT Security

Respondents appeared to be more concerned about the effect that a data breach would have on their reputation than the costs of a data breach. While costs will be incurred as a result of a breach, 68% believed the loss of trust and effect on their reputation would be more significant than the cost.

Those costs can, however, have a devastating effect. 13% claimed they would be unlikely to survive a data breach and 19% said they could only withstand a “small financial hit”.

The areas of the IT infrastructure that were causing the most concern were the network perimeter (23%), endpoints (21%), and web applications (14%). When asked to prioritize the security initiatives they were implementing, the most important were deemed to be:

1. Network monitoring

2. Anti-virus software

3. Data encryption technology

4. Dedicated IT security professional

5. Cyber insurance policy

6. Provider of managed services

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
