According to a recent study, organizations and IT practitioners as a whole believe they've made strides to better protect themselves from data breaches.
Nearly three quarters of respondents to a recent survey claim their organizations have put more resources towards security technologies that can adequately detect and respond to a breach.
The feedback comes from an annual survey – “Is Your Company Ready for a Big Data Breach?” - carried out by Ponemon Institute and sponsored by Experian, one of the "big three" major consumer credit bureaus.
In the survey, 57 percent of respondents, up from 49 percent in 2018, said their organization’s data breach response plans are "very" or "highly" effective.
The numbers help illustrate that at least the positivity around organizations' preparedness is up. While it’s not 100 percent, the number of businesses that claim they're prepared to respond to a data breach is up. Only 36 percent of respondents in last year's study said their organizations were equipped to respond to a data breach.
According to the survey, IT admins are getting better at regularly reviewing physical security measures and who accesses confidential information (up 3% to 73%), conducting background checks on new full-time employees and vendors (up 4% to 69%) integrating data breach response into business continuity plans (up 4% to 56%). While not a commanding number, 26% of respondents, up 7% from the year prior, said their organizations were subscribing to a dark web monitoring service to better keep track of threats to data.
As part of the survey, Ponemon queried respondents on the maturity of their organizations' privacy and data protection programs, their ability to deal with spear phishing attacks, ransomware, and how they've been affected by GDPR and CCPA
When it comes to complying with data privacy regulations, companies are adapting too. With the California Consumer Privacy Act set to be enforced on July 1, 56 percent of those who responded said they were aware of it and that their organizations are taking steps to implement changes in light of it. 54 percent of organizations said their organization had a high or very high ability to comply with the European Union's General Data Protection Regulation. That's a 23 percent increase over this time last year, which factored in responses shortly after its implementation.
Not all of the numbers are glowing. Only 15 percent of respondents thought their C-suite executives were knowledgeable because they engage in a review of their organization's data protection and privacy practices. A handful more, 17 percent, said their board members did the same.
When it comes to spear phishing, orgs are mostly fighting a losing battle. 69 percent said their organizations experienced one or more attack; most of them, 67 percent said the negative impact was either very significant or significant. Only half of those polled said they train their employees to mitigate such attacks. The lack of confidence around dealing with these kind of attacks continues to pervade too. Only 23 percent, a figure that's down from 31 percent, said their orgs were confident to deal with them.
The stats are complemented by figures in the same report on companies acknowledging an uptick in breaches of data, up to 63 percent of respondents, from 59 percent the year before, said they’d experienced a data breach of more than 1,000 records at some point in the last two years.
As part of the survey, the Ponemon Institute asked 650 professionals in the U.S. and 456 in EMEA.
