A survey of nearly 1,000 IT professionals published finds that when it comes to data protection, it is truly the best and worst of times.
Conducted by The Ponemon Institute on behalf of Experian, a provider of IT services, the survey finds that 63 percent of respondents report their organization suffered a data breach involving more than 1,000 records. While more resources are being poured into data protection, 12 percent of IT professionals reported more than five such breaches in the last year.
Less than a quarter of respondents (23 percent) said their organization is confident in its ability to minimize the financial and reputational consequences of a material data breach. Only 38 percent believe their organization is effective at doing what needs to be done following a data breach to prevent the loss of customers and business partners trust and confidence. About a third (34 percent) are confident in their organization’s ability to respond to global breaches.
Unsurprisingly, 69 percent of respondents said they discovered one or more spear phishing attacks in 2019, with only 23 percent saying they are very confident or confident in their ability to deal with these types of attacks. Another 36 percent also reported that their organization experienced a ransomware attack last year, with only 20 percent feeling confident in their ability to deal with it. A full 68 percent admitted to paying ransom, with the average amount being $6,128.
Greater resources for data protection
On the plus side, more time, effort, and money is now being poured into data protection. Well over half the respondents are integrating data breach response into business continuity plans (56 percent). Nearly three quarters (73 percent) are also now regularly reviewing physical security and access to confidential information. A total of 69 percent are conducting background checks on new full-time employees and vendors, and 26 percent now subscribe to a dark web monitoring service.
Despite that progress, two-thirds of respondents admit their organization hasn’t reviewed or updated their data protection plan since it was put into place, nor have they set a specific time to review and update the plan.
From a managed service provider (MSP) perspective, the best news is that a separate survey finds that more organizations are relying on third parties to protect their data. The challenging part for MSPs is that many of these organizations have plans in place that have become outdated.
Of course, that won’t necessarily stop customers from trying to drive down the cost of implementing an all but nonexistent plan. It’s important for MSPs to painstakingly review those flawed plans to explain why it’s worth paying extra for the services of an organization that knows how to craft, implement, and maintain a data protection plan.
There will never be such a thing as perfect security. Rather, what the customer needs to be reminded of is not just how many breaches might be prevented, but also the rate at which a data breach can be contained. Once the crisis arrives, it’s the latter capability that winds up being priceless.
Photo: tee262 / Shutterstock