We’ve posted many times about the importance of having a data breach response plan in place. Indeed, the FTC just released its own guidance on data breach response. A new study, however, demonstrates that “having a response plan is simply not the same as being prepared,” particularly if that response plan is not kept up to date.
Ponemon surveyed 619 executives and staff employees who work in privacy, compliance and IT security in the US for the fourth annual Is Your Company Ready for a Big Data Breach? study on behalf of Experian. The study looks into the effectiveness of data breach response plans, with the data indicating that simply having a plan in place is no longer enough.
According to the study, 86% of organizations say their organization has a data breach plan; 42% believe their plan is effective or very effective. Although study demonstrates growing confidence in data breach plans, reported data breaches continue to rise. The percentage of organizations experiencing data breaches has climbed steadily, with 52% of organizations this year reporting a data breach. It was further revealed that 26% or organizations do not practice their data security plan.
“When it comes to managing a data breach, having a response plan is simply not the same as being prepared,” said Michael Bruemmer, vice president at Experian Data Breach Resolution. “Unfortunately many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills.”
The report indicates that 61% of organizations have privacy/data protection awareness and training in place (up from 44% the previous year). All of this reveals, to us, that not only do organizations need to actively improve their preparedness, with greater training and practice drills, but the addition of tools to increase visibility into the effectiveness of existing security layers is key to ensuring that security is maintained.
At Absolute, we can help lend that visibility to your security program to ensure that your security plans are working effectively. Using Absolute DDS, you can get a real-time assessment of your security posture, in addition to automated alerts if user, device, security application tracking or sensitive data monitoring triggers a warning. With Absolute DDS, you can program the automatic reinstallation of business critical endpoint software applications, remotely recover or delete data, and set policies to ensure offline devices are automatically protected. In the event a security incident escalates, you can produce an audit log to prove data on a compromised device was properly secured, not accessed, and safely deleted. Your data breach response plan should include the automated protections of Absolute DDS. Learn more at Absolute.com