MAY 18, 2007 1:00am ET

Scott & Scott LLP and Ponemon Institute Survey: Data Security Breach

According to a new study commissioned by Scott & Scott, LLP (www.scottandscottllp.com) and conducted by privacy and information management research firm the Ponemon Institute (www.ponemon.org), 85 percent of businesses have experienced a data security breach. Despite the frequency of such security failures, 46 percent of businesses failed to implement encryption solutions even after suffering a data breach, and 82 percent did not seek legal counsel prior to responding to the incident despite having no prior response plan in place.

The survey, entitled "The Business Impact of Data Breach," examines the responses of more than 700 US-based C-level executives, managers and IT security officers in mid-size to large businesses spanning all industries.

Analysis of the results shows that businesses are struggling to implement the proper policies and controls required to prepare for and mitigate the legal, regulatory and financial risks associated with a security failure. In addition, many businesses may be discounting the long-term threat to customer retention and corporate reputation.

Key findings from the survey include the following:

  • More than 85 percent of respondent organizations reported that they have experienced a data breach event.
  • Of those organizations, less than 43 percent had an incident response plan in place, and 82 percent failed to consult with legal counsel before responding to the incident.
  • Following a breach, 46 percent of organizations still failed to implement encryption technology on portable devices.
  • 95 percent of businesses suffering a data breach were required to notify data subjects whose information was lost or stolen.
      • 97 percent were required to notify under state statutes.
      • 58 percent were required to notify under federal privacy acts such as HIPAA, GLBA and OCC.
  • Organizations that suffered a data breach actually employ substantially more IT and data security measures than organizations that did not experience a data breach.
  • 37 percent of respondents say their organizations sent blanket notifications, rather than precise notifications.
  • Organizations experiencing a data breach incurred costs across the board.
      • 74 percent report loss of customers.
      • 59 percent faced potential litigation.
      • 33 percent faced potential fines.
      • 32 percent experienced a decline in share value.
  • Almost half of the breach incidents were attributed to lost or stolen equipment such as laptops, PDAs and memory sticks. The second largest threat came from negligent employees, temporary employees and/or contractors.
  • Despite the frequency of data breach events, 42 percent of respondents claim their organization's IT security spending will remain the same in the coming year.

With nearly 100 percent of businesses stating they were required under state or federal regulations to report the breach, respondents place careful assessment of potential harm to data subjects as their first priority following a breach. Most report little or no monetary harm to the data subjects.

These findings seem to highlight the need for reform of notification requirements, which can be detrimental to businesses especially when weighed against the perceived lack of real benefit to consumers.

This piece is brought to you by the Information Management editorial staff.
