Almost Three Quarters of Companies Unprepared for Data Breaches

A day after the Department of Justice announced released new guidelines for responding to data breaches, the results of a survey conducted by EiQ Networks, a provider of security, risk and compliance solutions, confirms the need for assistance. Nearly three quarters (72%) of respondents claimed they were not prepared for a data breach.

The survey was conducted on 168 IT decision makers, with the sample including respondents from a range of industries. The data suggests IT staff do not have much confidence in either the defenses they have employed or how their organizations will deal with a data breach when it occurs.

There were numerous problems highlighted by the survey, with a general lack of resources cited as one of the main issues. IT departments simply do not have the staffing levels required to safeguard systems and prevent data breaches, but 62% if respondents claimed their main concern was a lack of process – or only a partial process – to protect their company. There were inadequate checks being conducted to determine whether a security incident had actually occurred, and a lack of confidence in the breach response policies.

IT professionals were asked about the measures they had implemented to secure data and it is worrying that only 6 out of 10 companies are using log management, and 29% appear not to be using anti-virus software.

Measures Used to Protect Data


  • Traditional network server Firewall – 86%
  • Anti-virus software – 71%
  • IDS/IPS technologies – 59%
  • Log management – 58%
  • SIEM – 44%


In spite of these measures being employed, only 15% of respondents had confidence in their employers systems’ ability to identify a security breach and in their companies breach response policies. 72% said their IT infrastructure was not well protected.

The use of security technology is believed to be effective at stopping cyber security threats, with 85% confident or somewhat confident that it will stop attacks, although only 27% were confident that the technology employed would work.

Main Concerns About IT Security

Respondents appeared to be more concerned about the effect that a data breach would have on their reputation than the costs of a data breach. While costs will be incurred as a result of a breach, 68% believed the loss of trust and affect on their reputation would be more significant than the cost.

Those costs can however have a devastating effect. 13% claimed they would be unlikely to survive a data breach and 19% said they could only withstand a “small financial hit”.

The areas of the IT infrastructure that were causing the most concern were the network perimeter (23%), endpoints (21%) and web applications (14%). When asked to prioritize the security initiatives they were implementing, the most important were deemed to be:

1.  Network monitoring

2. Anti-virus software

3. Data encryption technology

4. Dedicated IT security professional

5. Cyber insurance policy

6. Provider of managed services

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.