Case Studies

Data breach and response survey

by Mark Rowe

Experian, a credit checking and information services company, has released a report on British organisations’ preparedness for the growing threat of data breach. The report, Data Breach Readiness 2.0: The Customer First Data Breach Response, draws on responses from more than 400 senior business executives. Among the findings:

• 34 per cent do not have a data breach response plan in place at all
• Of those that do, a quarter of these plans do not include specialist crisis communications (23 per cent) or legal support (27 per cent)
• More than a third (37 per cent) had not included or considered digital forensics
• Only one third have specific budgets set aside to deal with data breaches, in spite of 81 per cent saying they are concerned about the financial impact of recovering from a breach
• 39 per cent have no reporting procedures in place for lost data or devices (e.g. company laptops or phones)
• Less than half (43 per cent) have data breach or cyber insurance policies in place.

While preparedness levels were seen to be notably higher amongst organisations that have been affected by a breach in the past, 57 per cent go on to be affected again within two years, the firm says.

With what the company calls unprecedented levels of personally identifiable information being illegally traded on the dark web, and the ever-increasing sophistication of cybercrime, the potential impact on consumers if their information is compromised has never been greater.

Some four in 10 British adults have been affected by a data breach and two thirds (64 per cent) are concerned about falling victim. Most notably, the evidence shows that consumers are less understanding, and less willing to see organisations affected by data breaches as ‘victims’. Rather, they increasingly believe that data breaches come as a result of the organisations’ own failures – failures in procedures, security and data controls.

The research findings, the firm says, bear this out:

• 84 per cent think companies should be penalised for compromising their customers’ personal information
• 83 per cent think companies should be subject to increased regulation to better protect customers
• 80 per cent say their level of trust would decrease if a company lost their personal data
• 67 per cent would advise friends and family against the organisation
• 63 per cent say they are likely to leave an organisation if a data breach occurred.

It appears that UK organisations are failing to recognise and mitigate these risks. Less than half of organisations (47 per cent) would notify customers ‘as quickly as possible’ following a data breach. Less than a quarter (21 per cent) would offer an identity protection service to existing customers, and only one in 10 would offer a free credit monitoring service.

Amir Goshtai, Managing Director, Affinity Experian Consumer Services, said: “The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus on minimising the impact on their customers.

“Consider that 52 per cent of all detected fraud in the last year is now as a result of identity theft together with the fact that already on a single day in February 2015, there was more personally identifiable information illegally traded on the dark web than in a three-month period during 2014. Businesses in the UK are facing an uphill battle to protect themselves and their customers.”

The findings, according to the company, highlight that UK organisations still have a lot to learn about planning and delivering an effective data breach response. Moreover, learning those lessons will be vital to minimising the damage caused by data breaches.

The firm says that the organisations best equipped to withstand the impacts of data breaches will take a proactive, integrated approach with detailed response plans that:

• Focus first and foremost on those affected, recognising that this is where all other impacts ultimately will flow from: customers, the wider public, the media and regulators
• Identify response teams, roles, responsibilities and lines of communication
• Draw support and direct involvement at the highest level of the business
• Identify and put in place master agreements with specialist suppliers – outside legal counsel, insurance, digital forensics, consumer support, credit monitoring, and crisis communications
• Incorporate specific plans for each discipline: a digital forensics response plan, a crisis communications plan, a consumer outreach plan and so on
• Mandate regular testing and scenario planning to ensure plans are relevant and cover all possible outcomes.

Visit www.experian.co.uk/databreach.

© 2024 Professional Security Magazine. All rights reserved.
