New Study by Experian® Data Breach Resolution and Ponemon Institute Examines the Aftermath of Data Breaches
IT Professionals Provide Insight into How Data Breaches Impact Organizations
Irvine, Calif., January 25, 2012 - Nearly every day consumers willingly provide their personal information to organizations online with no hesitation, neglecting to realize how that information can be exposed due to employee negligence, insider maliciousness, system glitches or attacks by cyber criminals. With Data Privacy Day (Saturday, January 28) right around the corner, Experian Data Breach Resolution and the Ponemon Institute released today compelling survey findings from more than 500 IT professionals who have experienced a data breach at their company.
"The responsibility of keeping customers' information secure cannot lie solely on the shoulders of IT; rather every executive in the organization should be aware since the reverberation of a breach will be felt by everyone," said Ozzie Fonseca, senior director at Experian Data Breach Resolution. "Survey results show us that a data breach is often the result of human error or a crime- neither of which can be 100 percent prevented. As such, companies must put measures in place - training, preparedness plans, guidelines, etc. -- to help protect their customers' information."
Survey respondents had 10.5 years or more of IT experience, with 73 percent reporting directly or indirectly to the chief information officer (CIO) or the chief information security officer (CISO). Also, to ensure that the answers were based on the same breach throughout the entire survey, respondents were asked to focus only on one data breach they believed had the greatest financial and reputational impact to their organizations.
"Data breaches are frequent and as a result millions of consumers are vulnerable to having their identity stolen," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "IT professionals in this study are correct when they say that following the loss or theft of consumer data it is critical for companies to take steps to understand the root cause in order to prevent another breach and protect consumers from future harm."
The study yielded compelling insights, found below, into how a company assesses the cause, reacts to the breach and evaluates next steps.
• Circumstances of a data breach - After the breach has occurred, there is an obvious immediate question - How did this happen?
o Sixty percent of respondents say the customer data that was lost or stolen was not encrypted.
o Examples of the types of data that companies lost included, but were not limited to, email (70 percent), credit card or bank payment information (45 percent), and social security numbers (33 percent).
o If the organization was able to determine the cause of the breach, most often it was the negligent insider (34 percent); 19 percent say it was the outsourcing of data to a third party and 16 percent say a malicious insider was the main cause.
• Responses to the data breach - After the breach occurred, as with any crisis, response time to all stakeholders is imperative.
o Startlingly, only half (50 percent) of respondents felt that their organization made the best possible effort to protect customer and consumer information.
o When it came to reducing the negative consequences of the data breach, retaining outside legal counsel (56 percent) and carefully assessing the harm to victims (50 percent) ranked the highest.
o Despite the fact that many organizations lose the loyalty of their customers following a data breach, 64 percent of respondents say their company neglected to offer credit monitoring services and 73 percent say they don't offer identity protection products or services such as credit monitoring and other identity theft protection measures, including fraud resolution, scans and alerts.
• Impact of the breach on privacy and data protection practices - As with any activity that makes a company vulnerable, the key is to figure out how to prevent it from happening again.
o The majority of respondents (66 percent) say that the experience of investigating the causes of the breach will help them in determining the root causes of future breaches.
o Negligent insiders and third parties are the main reason (66 percent) organizations are vulnerable to future breaches.
o Following the data breach, 61 percent of respondents say their organizations increased the security budget and 28 percent hired additional IT security staff.
While respondents were candid with their feedback, they also offered suggestions as to how many of these issues could be addressed in an effort to mitigate future threats. These resolution points include the following:
• EDUCATE: By far, negligent employees, temporary employees or contractors make organizations vulnerable to future breaches, so conducting training and awareness programs and enforcing security policies should be a priority for organizations.
• SUPPORT: Privacy and data protection became a greater priority for senior leadership following the breach, and as a result security budgets for most organizations in this study also increased. It doesn't just take time; it takes monetary support as well.
• HIRE: The top three actions believed to reduce the negative consequences of the data breach are hiring legal counsel, assessing the harm to victims and employing forensic experts.
• LEARN: Lessons learned from the data breach are to limit the amount of personal data collected, limit sharing with third parties and limit the amount of personal data stored.
To access the full "Aftermath of a Data Breach" Report, visit .
About Experian Data Breach Resolution
Experian® is a leader in the data breach resolution industry and one of the first companies to develop solutions that address this critical issue. As an innovator in the field, Experian has a long-standing history of providing swift and effective data breach resolution for thousands of organizations, having serviced millions of affected consumers. For more information on how Experian Data Breach Resolution services enable organizations to plan for and successfully respond to data breaches, visit .
About Experian
Experian is the leading global information services company, providing data and analytical tools to clients in more than 80 countries. The company helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.
Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2011 was US $4.2 billion. Experian employs approximately 15,000 people in 41 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.
Experian and the Experian marks used herein are service marks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.
###