
Experian Study on Data Breaches Reveals Gaps in Response Plans

November 3, 2015

While an increasing number of companies have a basic data breach response plan in place, many plans do not cover important steps and executives lack confidence in their ability to manage a major breach, according to a new study.

Sponsored by Experian Data Breach Resolution and conducted by the Ponemon Institute, the third annual study, Is Your Company Ready for a Big Data Breach?, probed more than 600 executives about their response plans and level of preparedness.

The good news is that 81 percent of survey respondents (an increase from 73 percent in 2014) have a response plan in place and there is more senior executive involvement, with 39 percent of boards of directors and chief executive officers being involved in incident response planning. This is up 10 percent from 2014.

However, despite data breaches being a major concern for organizations, many areas the survey addressed had less than stellar results. Only 34 percent of survey respondents said their response plan was effective, and only 28 percent are confident in their ability to minimize the financial and reputational consequences of a breach.

Additional key findings from the study include:

While more companies have a response plan in place (81 percent), they often lack important details and are not practiced regularly. 

• More than half of respondents do not have a cyber insurance policy (53 percent)

• Forty-five percent of respondents say their company either does not practice responding to a data breach or waits more than two years to practice

• More than a third (37 percent) of respondents do not address procedures for responding to a data breach involving an overseas location

A majority of business leaders surveyed acknowledge that the potential damage data breaches can cause to corporate reputation is significant. The combination of the higher likelihood and significant impact has caused data breaches to be a major issue across all sectors.

• When asked about what issues would cause the greatest impact to corporate reputation, data breaches ranked second (39 percent) only to poor customer service (55 percent) and ahead of product recalls (35 percent), publicized lawsuits (25 percent) and environmental incidents (16 percent)

• The most concerning types of incidents are loss or theft of intellectual property (64 percent) and consumer data (53 percent)

• The biggest barriers to improving IT security to respond to a breach are lack of visibility into end-user access of sensitive and confidential information (60 percent) and proliferation of mobile devices and cloud services (45 percent)

Security magazine spoke with Michael Bruemmer, Vice President, Experian, about the study results.

Are you surprised that data breach preparedness, while it has improved, is not where it should be?
Michael Bruemmer: Yes - we were surprised to find that not all companies are taking action to prepare for a data breach or more notably practicing their plan. This is why many executives are not confident in their company's ability to successfully respond to a security incident. Only 34 percent of survey respondents said their response plan was effective, and only 28 percent are confident in their ability to minimize the financial and reputational consequences of a breach.

The report suggests that a company can include a strategy to minimize the consequences of the theft of business confidential information and intellectual property in data breach response plans. What are companies including in their breach response plans?
Michael Bruemmer: At a base level, a data breach response plan includes the precise steps that would be taken in the event of the breach, and clearly details roles and responsibilities of the response team. At a minimum, this should include involvement from IT, legal counsel, risk and compliance, public relations, human resources and customer service.

According to the study, some of the primary guidance companies account for in the data breach response plan include distributed denial of service attack (DDoS) (89 percent of respondents), loss or theft of personally identifiable information (79 percent of respondents), loss or theft of information about customer affiliations/associations that would result in damage to their organization (75 percent of respondents) and loss or theft of payment information, including credit cards (71 percent of respondents).

However, only 52 percent surveyed accounted for the potential loss of intellectual property or confidential business information in their response plan, and only 39 percent were prepared to manage the loss or theft of sensitive paper documents – indicating areas companies can improve their plans.

To help businesses identify gaps in their plan and areas to improve, we’ve outlined some of the key components for data breach preparedness in our annual 2015-2016 Data Breach Response Guide.

What should, as the report notes, a “strategy to maintain the trust of customers, business partners and other key stakeholders in data breach response plans,” entail?
Michael Bruemmer: Communication is key to maintaining trust. Once a data breach happens, companies should prioritize quick and transparent communication with customers and key stakeholders. According to a consumer survey we conducted last year, maintaining trust after a data breach requires a thoughtful response and actions. Consumers indicated companies that provide free identity theft protection (63 percent), deliver clear communications (67 percent) and disclose all of the facts (56 percent) following a data breach were more likely to keep their business. The good news is executives heard this feedback as a majority agree identity theft protection and credit monitoring should be provided to customers when a breach occurs.

Who should be the person within a company that is ensuring data breach preparedness?
Michael Bruemmer: The lead of a data breach response team can be different for every organization but the most important consideration is that the individual has access to the C-suite, an understanding of the data breach landscape and the respect of their peers. It is important the incident response team have a lean approval chain. One person should be the appropriate delegated authority to make executive decisions and articulate questions or concerns quickly up the chain of command in the event of an incident.

According to the study, 81 percent of respondents say their organizations have a data breach notification plan in place and the person most in charge is the chief information security officer (23 percent of respondents) followed by the compliance officer (13 percent of respondents) and head of business continuity management (12 percent of respondents).

Once a data breach takes place, who within a company needs to be out front in the public and communicating with shareholders and customers and media?
Michael Bruemmer: Typically, the public relations team will guide a company on its communications approach and most often, the chief executive officer needs to be the one out front and center. Consumers need to know the company cares and takes the incident very seriously. Because the potential loss of reputation and brand loyalty poses a major risk to an organization after a breach, it is essential that companies are prepared with the right communication strategies and have an understanding of best practices well ahead of time.

As part of the data breach response plan, companies should be prepared to equip spokespeople with statements on steps being taken to investigate the issue and consider mentioning that they will be provided a remedy of identity protection if it is being provided to those affected.

Companies should also be prepared to ensure frontline employees have the information they need to communicate to their customers about what happened, what the company is going to do in response and what actions the customer should take to protect themselves from fraud.

Are you seeing consumers on social media discussing data breaches the same way that they would discuss poor customer service?
Michael Bruemmer: While we don't see customers turning to social media as their day-to-day outlet to discuss data breach issues, just like a news cycle it can see a spike in conversation in the initial days surrounding an incident. However, that doesn't mean executives aren't concerned with the potential reputational impact a data breach can have with consumers. Executives ranked data breaches second only to poor customer service in terms of potential to damage business reputation. Perhaps surprisingly, this was ranked ahead of product recalls, environmental incidents and publicized lawsuits.

Read the full study at http://www.experian.com/data-breach/2015-ponemon-preparedness.html

 


 

KEYWORDS: cyber security data breach data theft
