Each year it becomes more and more likely that a given company will experience some form of data breach. Most companies now have plans in place to deal with these events, but many of them do little beyond that. It is still relatively rare for a company to drill or practice putting their plan into effect, but having a plan and being prepared are not always the same thing.
It is a sad fact that many companies develop their data breach plans and then stop, as though their data protection is now taken care of. Rather than thinking of being prepared as a single action to be taken, it is much more beneficial to view it as a process – one that includes regularly reviewing the plan and practicing putting it into effect.
Increased Spending
This year’s Ponemon Institute study on data protection preparedness had some interesting results with regard to how much attention companies are paying to the subject.
- 61% of those surveyed indicated that they already have data protection training in place.
- 58% have increased their investment in security to better detect and more quickly respond to data breaches.
- More than 70% of respondents understand that it is necessary to take action after a data breach in order to minimize the effects to their finances and reputation. The top three methods preferred were complimentary credit monitoring and identity protection, gift cards, and discounts, respectively.
The Need for Time
The same study also points out that, though most companies are spending more on cyber security, they still aren’t putting the necessary time and attention into it. They found that:
- 29% have never reviewed their data breach plan,
- 38% have not specified a time to perform review,
- 27% felt confident in their ability to deal with the aftermath of a data breach, and
- 31% felt inadequate to dealing with an international breach.
Perhaps most alarming of all is that, while incidents of ransomware attacks in 2015 had increased by 35%, 56% of businesses feel unprepared to deal with this type of attack.
When Disaster Strikes
Preparing for a data breach is very much like preparing for a natural disaster. It is important to have a good response plan, and to make sure that everyone knows what to do should the plan need to be executed. It is just as important, however, that employees have the chance to practice the plan. The ability to effectively put a plan into action can be the difference between a very serious situation that the company can work through and a very serious situation that spells the end of the company.