Companies know that data breaches can be costly but still struggle to prepare for them, a new survey finds.
The survey, released Tuesday by Experian Data Breach Resolution and the Ponemon Institute, found that the majority of companies expect to suffer from a data breach and are aware of the possible consequences, yet many have not taken steps to prepare for or respond to one.
Seventy-six percent of respondents say their company has had a data breach or expects to have one, and 66% say they expect severe financial consequences from a breach. Seventy-five percent say they expect such an incident will result in negative media attention or a hit to public opinion.
Yet 39% of companies who have been hit with a breach say their companies have not developed a plan to respond to future incidents. Ten percent of companies have breach or cyber insurance. Less than one-third of respondents say that sensitive customer data is encrypted.
Companies also struggle to respond effectively to breaches. Only 36% say they have the proper forensic technology to assess the size and severity of a data breach, while 21% say they have trained employees to communicate with customers following a breach.
"The study findings show that organizations need to prioritize preventing future breaches and better manage post-breach response," said Larry Ponemon, chairman and founder of the Ponemon Institute, in the news release. "In addition to improving technical safeguards, it's clear that companies also should focus more attention on meeting the needs of affected consumers that suffer a data breach."
