Skip to content ↓ | Skip to navigation ↓

Despite more organizations making investments to protect their data, a new study reveals few organizations are confident in their ability to respond to the most serious consequences of data breaches.

According to a recent report released by the Ponemon Institute, 86 percent of organizations said they have a data breach plan in 2016. However, only 42 percent of respondents considered the plan effective.

The study—which surveyed 619 US-based executives and staff employees working primarily in privacy, compliance and IT security—also found that 29 percent of organizations had neither reviewed nor updated their data breach plan since it was first put in place.

Furthermore, only 27 percent of organizations surveyed said they felt confident in their ability to minimize the financial and reputational consequences of a breach.

Michael Bruemmer, vice president at Experian Data Breach Resolution and sponsor of the survey, notes that when it comes to managing data breaches, having a response plan is simply not the same as being prepared.

“Unfortunately, many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills,” said Bruemmer.

“A deterrent to an effective data breach response plan is keeping it current with changes in the risks and threats facing a company,” read the report.

Other key findings from this year’s study include:

  • Only 39% of organizations surveyed practice their plan at least twice a year.
  • Among those organizations surveyed that do not practice their plan (26%), a majority (64%) don’t practice because it is not a priority.
  • 57% of respondents say their company’s board of directors, chairman and CEO are not informed and involved in plans to deal with a possible data breach.
  • Only 38% of companies surveyed have a data breach or cyber insurance policy. Of those that do not have such a policy, 40% have no plans to purchase one.

To read the full Ponemon Report, click here (PDF).