UK Firms Horribly Unprepared for Data Breach Response
17th March 2015
Two new studies reveal that despite a third of UK businesses suffering a breach in the last year, most organisations severely overestimate their readiness to respond to an incident.
On Tuesday, BlueCoat and Experian released independent reports which painted a bleak picture of UK firms' information security practises, finding in particular that companies didn't have appropriate incident response plans, or carry out appropriate risk and security assessments.
In a study which consulted 1,580 infosec professionals, BlueCoat found that nearly a third of UK businesses admitted to a data breach in the last year. However, despite this, it was the high-profile breaches (cited by 61 percent of businesses) which had driven home the importance of cyber-security, compared to 38 percent and 36 percent of German and French respondents.
The study also found that UK firms would sometimes deploy new technology without thinking of risk and security. While two-thirds of Chinese and Indian companies conduct security risk analysis before deploying new technology, only 59 percent of UK and 37 percent of German firms do the same. Two-thirds of UK firms believe their IT teams hold back on risk assessments for new technology, compared to Chinese companies who believe IT teams support new technologies.
Meanwhile, over at Experian, the firm had carried out research and published a white paper gauging the impact of data breach on UK businesses. After surveying 400 senior business executives, the company found that a third of businesses (34 percent) do not have a data breach response plan in place and of those, a quarter do not include specialist crisis communications (23 percent) or legal support (27 percent) while another third had not considered digital forensics.
Only one third have specific budgets set aside to deal with data breaches while just under half had no reporting procedures for lost data or devices (39 percent) or had breach or cyber-insurance policies (43 percent).
Less than half of organisations (47 percent) would notify customers ‘as quickly as possible' following a data breach and less than a quarter (21 percent) would offer an identity protection service to existing customers.
To read full article, click here