Almost Three Quarters of Companies Unprepared for Data Breaches
A day after the Department of Justice released new guidelines for responding to data breaches, the results of a survey conducted by EiQ Networks, a provider of security, risk and compliance solutions, confirm the need for assistance. Nearly three quarters (72%) of respondents claimed they were not prepared for a data breach.
The survey was conducted on 168 IT decision makers, with the sample including respondents from a range of industries. The data suggests IT staff do not have much confidence in either the defenses they have employed or how their organizations will deal with a data breach when it occurs.
There were numerous problems highlighted by the survey, with a general lack of resources cited as one of the main issues. IT departments simply do not have the staffing levels required to safeguard systems and prevent data breaches, but 62% of respondents claimed their main concern was a lack of process – or only a partial process – to protect their company. There were inadequate checks being conducted to determine whether a security incident had actually occurred, and a lack of confidence in the breach response policies.
IT professionals were asked about the measures they had implemented to secure data and it is worrying that only 6 out of 10 companies are using log management, and 29% appear not to be using anti-virus software.
Measures Used to Protect Data
- Traditional network server Firewall – 86%
- Anti-virus software – 71%
- IDS/IPS technologies – 59%
- Log management – 58%
- SIEM – 44%
In spite of these measures being employed, only 15% of respondents had confidence in their employers' systems' ability to identify a security breach and in their companies' breach response policies. 72% said their IT infrastructure was not well protected.
The use of security technology is believed to be effective at stopping cyber security threats, with 85% confident or somewhat confident that it will stop attacks, although only 27% were confident that the technology employed would work.
Main Concerns About IT Security
Respondents appeared to be more concerned about the effect that a data breach would have on their reputation than the costs of a data breach. While costs will be incurred as a result of a breach, 68% believed the loss of trust and effect on their reputation would be more significant than the cost.
Those costs can, however, have a devastating effect. 13% claimed they would be unlikely to survive a data breach and 19% said they could only withstand a “small financial hit”.
The areas of the IT infrastructure that were causing the most concern were the network perimeter (23%), endpoints (21%) and web applications (14%). When asked to prioritize the security initiatives they were implementing, the most important were deemed to be:
1. Network monitoring
2. Anti-virus software
3. Data encryption technology
4. Dedicated IT security professional
5. Cyber insurance policy
6. Provider of managed services