Increased security investments aren't stopping data breaches
Companies are putting more resources into security technologies to detect and respond quickly to a data breach, but the number of breaches is still increasing according to a new report.
The latest annual corporate preparedness study from Experian, based on research carried out by the Ponemon Institute, shows 68 percent of respondents are putting more resources into security, with 57 percent also reporting that they believe their data breach response plans are 'very' or 'highly' effective, up from 49 percent in 2018.
Steps taken include regularly reviewing physical security and access to confidential information (73 percent, up three percent), conducting background checks on new full-time employees and vendors (69 percent, up four percent), integrating data breach response into business continuity plans (56 percent, up four percent), and subscribing to a dark web monitoring service (26 percent, up seven percent).
Organizations have improved their ability to comply with GDPR too, with 54 percent of respondents saying they have a high or very high ability to comply with the regulation, up from 36 percent in the last survey.
But despite all of this breach numbers are up and levels of confidence in dealing with them are down. 63 percent of those surveyed report they have had a data breach involving more than 1,000 records, a four percent increase from 2018.
Since 2017, the number of respondents who say their organization is very confident or confident in its ability to deal with spear phishing attacks has declined from 31 percent to 23 percent. 69 percent of respondents had one or more spear phishing attacks in 2019.
In addition 36 percent of respondents say their organization had a ransomware attack last year with only 20 percent feeling confident in their ability to deal with it. The average ransom was $6,128 and a worrying 68 percent of respondents say it was paid.
"It's a bit surprising to see that organizations have made great strides in certain areas, but not in others, especially when it comes to fighting rudimentary attacks, such as spear phishing or IoT and malware infiltration," says Michael Bruemmer, vice president of data breach resolution at Experian. "But, overall, with 94 percent of organizations having a data breach response plan in place, and a third deploying data protection program activities across the enterprise with C-level support, security postures have improved immensely. However, organizations shouldn't let their guard down and should continue to invest in trainings, technology and external response partners."
The full report is available from the Experian site.