Almost Three Quarters of Companies Unprepared for Data Breaches

Share this article on:

A day after the Department of Justice announced released new guidelines for responding to data breaches, the results of a survey conducted by EiQ Networks, a provider of security, risk and compliance solutions, confirms the need for assistance. Nearly three quarters (72%) of respondents claimed they were not prepared for a data breach.

The survey was conducted on 168 IT decision makers, with the sample including respondents from a range of industries. The data suggests IT staff do not have much confidence in either the defenses they have employed or how their organizations will deal with a data breach when it occurs.

There were numerous problems highlighted by the survey, with a general lack of resources cited as one of the main issues. IT departments simply do not have the staffing levels required to safeguard systems and prevent data breaches, but 62% if respondents claimed their main concern was a lack of process – or only a partial process – to protect their company. There were inadequate checks being conducted to determine whether a security incident had actually occurred, and a lack of confidence in the breach response policies.

IT professionals were asked about the measures they had implemented to secure data and it is worrying that only 6 out of 10 companies are using log management, and 29% appear not to be using anti-virus software.

Measures Used to Protect Data


  • Traditional network server Firewall – 86%
  • Anti-virus software – 71%
  • IDS/IPS technologies – 59%
  • Log management – 58%
  • SIEM – 44%


In spite of these measures being employed, only 15% of respondents had confidence in their employers systems’ ability to identify a security breach and in their companies breach response policies. 72% said their IT infrastructure was not well protected.

The use of security technology is believed to be effective at stopping cyber security threats, with 85% confident or somewhat confident that it will stop attacks, although only 27% were confident that the technology employed would work.

Main Concerns About IT Security

Respondents appeared to be more concerned about the effect that a data breach would have on their reputation than the costs of a data breach. While costs will be incurred as a result of a breach, 68% believed the loss of trust and affect on their reputation would be more significant than the cost.

Those costs can however have a devastating effect. 13% claimed they would be unlikely to survive a data breach and 19% said they could only withstand a “small financial hit”.

The areas of the IT infrastructure that were causing the most concern were the network perimeter (23%), endpoints (21%) and web applications (14%). When asked to prioritize the security initiatives they were implementing, the most important were deemed to be:

1.  Network monitoring

2. Anti-virus software

3. Data encryption technology

4. Dedicated IT security professional

5. Cyber insurance policy

6. Provider of managed services

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On