Experian’s Data Breach Preparedness Study: Increased Investments in Security Aren’t Stopping Breaches

Dispelling the Dangerous Myth of Data Breach Fatigue

March 18, 2020

While corporations today are more knowledgeable about security threats and prepared to respond to data breaches, there are key areas in which progress declined in 2019. Experian® released its seventh annual corporate preparedness study, Is Your Company Ready for a Big Data Breach?, revealing that cybercriminals may still be one step ahead of companies’ security practices and investments.

Conducted by the Ponemon Institute, the study surveyed 650 professionals in the United States — and new this year — 456 in EMEA.

Sixty-eight percent of respondents say their organization has put more resources toward security technologies to detect and respond quickly to a data breach. More than half of those surveyed (57 percent) also reported that they believe their data breach response plans are “very” or “highly” effective, up from 49 percent in 2018.

More organizations are also taking additional steps to prepare beyond their data breach response plan. These steps include:

Regularly reviewing physical security and access to confidential information (73 percent, up three percent)
Conducting background checks on new full-time employees and vendors (69 percent, up four percent)
Integrating data breach response into business continuity plans (56 percent, up four percent)
Subscribing to a dark web monitoring service (26 percent, up seven percent)

For the second year surveying respondents about the General Data Protection Regulation (GDPR), organizations have improved their ability to comply with GDPR with 54 percent of respondents saying they have a high or very high ability to comply with the regulation (an increase from 36 percent), while 50 percent of respondents have a high or very high effectiveness in complying with the data breach notification rules (an increase from 23 percent).

While more time and resources are being put toward preventing and preparing for a data breach, unfortunately, 63 percent of those surveyed reported they had a data breach involving more than 1,000 records, a 4 percent increase from 2018. There was a slight increase (one percent) of those who had data breaches more than five times (12 percent).

Consequently, organizations are struggling in the following areas:

Since 2017, respondents who say their organization is very confident or confident in their ability to deal with spear phishing attacks has declined from 31 percent to 23 percent. Sixty-nine percent of respondents had one or more spear phishing attacks in 2019.
Thirty-six percent of respondents say their organization had a ransomware attack last year with only 20 percent feeling confident in their ability to deal with it. The average ransom was $6,128 and 68 percent of respondents say it was paid.
From a reputation standpoint, only 23 percent of respondents say their organization is confident in its ability to minimize the financial and reputational consequences of a material data breach, while about a third (38 percent) believe they’re effective at doing what needs to be done following a data breach to prevent the loss of customers’ and business partners’ trust and confidence.
With more breaches being international in scope, only 34 percent of respondents say they are confident in their organization’s ability to respond to global breaches.
Two out of three (66 percent) respondents say their organization hasn’t reviewed or updated the plan since it was put into place or hasn’t set a specific time to review and update the plan.

“It’s a bit surprising to see that organizations have made great strides in certain areas, but not in others, especially when it comes to fighting rudimentary attacks, such as spear phishing or IoT and malware infiltration,” said Michael Bruemmer, vice president of Data Breach Resolution at Experian. “But, overall, with 94 percent of organizations having a data breach response plan in place, and a third deploying data protection program activities across the enterprise with C-level support, security postures have improved immensely. However, organizations shouldn’t let their guard down and should continue to invest in trainings, technology and external response partners.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Experian’s Data Breach Preparedness Study: Increased Investments in Security Aren’t Stopping Breaches

Related Articles

Related Events

Report Abusive Comment