
Experian Study on Data Breaches Reveals Gaps in Response Plans

November 3, 2015

While an increasing number of companies have a basic data breach response plan in place, many plans do not cover important steps and executives lack confidence in their ability to manage a major breach, according to a new study.

Sponsored by Experian Data Breach Resolution and conducted by the Ponemon Institute, the third annual study, Is Your Company Ready for a Big Data Breach?, probed more than 600 executives about their response plans and level of preparedness.

The good news is that 81 percent of survey respondents (an increase from 73 percent in 2014) have a response plan in place and there is more senior executive involvement, with 39 percent of boards of directors and chief executive officers being involved in incident response planning. This is up 10 percent from 2014.

However, despite data breaches being a major concern for organizations, many areas the survey addressed had less than stellar results. Only 34 percent of survey respondents said their response plan was effective, and only 28 percent are confident in their ability to minimize the financial and reputational consequences of a breach.

Additional key findings from the study include:

While more companies have a response plan in place (81 percent), the plans often lack important details and are not practiced regularly.

• More than half of respondents do not have a cyber insurance policy (53 percent)

• Forty-five percent of respondents say their company either does not practice responding to a data breach or waits more than two years to practice

• More than a third (37 percent) of respondents do not address procedures for responding to a data breach involving an overseas location

A majority of business leaders surveyed acknowledge that the potential damage data breaches can cause to corporate reputation is significant. The combination of the higher likelihood and significant impact has caused data breaches to be a major issue across all sectors.

• When asked about what issues would cause the greatest impact to corporate reputation, data breaches ranked second (39 percent) only to poor customer service (55 percent) and ahead of product recalls (35 percent), publicized lawsuits (25 percent) and environmental incidents (16 percent)

• The most concerning types of incidents are loss or theft of intellectual property (64 percent) and consumer data (53 percent)

• The biggest barriers to improving IT security to respond to a breach are lack of visibility into end-user access of sensitive and confidential information (60 percent) and proliferation of mobile devices and cloud services (45 percent)

Security magazine spoke with Michael Bruemmer, Vice President, Experian, about the study results.

Are you surprised that data breach preparedness, while it has improved, is not where it should be?
Michael Bruemmer: Yes - we were surprised to find that not all companies are taking action to prepare for a data breach or more notably practicing their plan. This is why many executives are not confident in their company's ability to successfully respond to a security incident. Only 34 percent of survey respondents said their response plan was effective, and only 28 percent are confident in their ability to minimize the financial and reputational consequences of a breach.

The report suggests that a company can include a “strategy to minimize the consequences of the theft of business confidential information and intellectual property in data breach response plans.” What are companies including in their breach response plans?
Michael Bruemmer: At a base level, a data breach response plan includes the precise steps that would be taken in the event of the breach, and clearly details roles and responsibilities of the response team. At a minimum, this should include involvement from IT, legal counsel, risk and compliance, public relations, human resources and customer service.

According to the study, some of the primary guidance companies account for in the data breach response plan include distributed denial of service attack (DDoS) (89 percent of respondents), loss or theft of personally identifiable information (79 percent of respondents), loss or theft of information about customer affiliations/associations that would result in damage to their organization (75 percent of respondents) and loss or theft of payment information, including credit cards (71 percent of respondents).

However, only 52 percent surveyed accounted for the potential loss of intellectual property or confidential business information in their response plan, and only 39 percent were prepared to manage the loss or theft of sensitive paper documents – indicating areas companies can improve their plans.

To help businesses identify gaps in their plan and areas to improve, we’ve outlined some of the key components for data breach preparedness in our annual 2015-2016 Data Breach Response Guide.

What should, as the report notes, a “strategy to maintain the trust of customers, business partners and other key stakeholders in data breach response plans,” entail?
Michael Bruemmer: Communication is key to maintaining trust. Once a data breach happens, companies should prioritize quick and transparent communication with customers and key stakeholders. According to a consumer survey we conducted last year, maintaining trust after a data breach requires a thoughtful response and actions. Consumers indicated companies that provide free identity theft protection (63 percent), deliver clear communications (67 percent) and disclose all of the facts (56 percent) following a data breach were more likely to keep their business. The good news is executives heard this feedback as a majority agree identity theft protection and credit monitoring should be provided to customers when a breach occurs.

Who should be the person within a company that is ensuring data breach preparedness?
Michael Bruemmer: The lead of a data breach response team can be different for every organization but the most important consideration is that the individual has access to the C-suite, an understanding of the data breach landscape and the respect of their peers. It is important the incident response team have a lean approval chain. One person should be the appropriate delegated authority to make executive decisions and articulate questions or concerns quickly up the chain of command in the event of an incident.

According to the study, 81 percent of respondents say their organizations have a data breach notification plan in place and the person most in charge is the chief information security officer (23 percent of respondents) followed by the compliance officer (13 percent of respondents) and head of business continuity management (12 percent of respondents).

Once a data breach takes place, who within a company needs to be out front in the public and communicating with shareholders and customers and media?
Michael Bruemmer: Typically, the public relations team will guide a company on its communications approach and most often, the chief executive officer needs to be the one out front and center. Consumers need to know the company cares and takes the incident very seriously. Because the potential loss of reputation and brand loyalty poses a major risk to organizations after a breach, it is essential that companies are prepared with the right communication strategies and have an understanding of best practices well ahead of time.

As part of the data breach response plan, companies should be prepared to equip spokespeople with statements on steps being taken to investigate the issue and consider mentioning that they will be provided a remedy of identity protection if it is being provided to those affected.

Companies should also be prepared to ensure frontline employees have the information they need to communicate to their customers about what happened, what the company is going to do in response and what actions the customer should take to protect themselves from fraud.

Are you seeing consumers on social media discussing data breaches the same way that they would discuss poor customer service?
Michael Bruemmer: While we don't see customers turning to social media as their day-to-day outlet to discuss data breach issues, just like a news cycle it can see a spike in conversation in the initial days surrounding an incident. However, that doesn't mean executives aren't concerned with the potential reputational impact a data breach can have with consumers. Executives ranked data breaches second only to poor customer service in terms of potential to damage business reputation. Perhaps surprisingly, this was ranked ahead of product recalls, environmental incidents and publicized lawsuits.

Read the full study at http://www.experian.com/data-breach/2015-ponemon-preparedness.html

 


 
