As the number of data breaches increases, a recent study found 52 percent of the companies surveyed had experienced a breach, an increase from 49 percent, and despite the increase, it appears that execs are not as involved as they should be in data breach planning.
The study queried 619 executives and staff employees who work primarily in privacy, compliance and IT security in the United States and found that despite the likelihood of a breach occurring, many company leaders aren't actively engaged and avoid responsibility for the effectiveness of their data breach preparedness plan, according to the Ponemon Institute's Fourth Annual Study: Is Your Company Ready for a Big Data Breach?.
In addition, of the 86 percent of respondents who reported having a data breach plan, 42 percent said it was very effective or effective and although it's a significant increase over 2015 satisfaction rate of 34 percent, researchers said in the report that it's in the interest of companies to improve their plans.
The report found that 57 percent of respondents said their company's board of directors, chairman and CEO were not informed and involved in plans to deal with a possible data breach and 34 percent of respondents said the board does understand the specific security threats facing their organization.
“To be effective, data breach response plans need senior level involvement,” researchers said in the report. “Most boards of directors, chairmen and CEOs are not actively engaged, and avoid responsibility, in data breach preparedness.”
To make matters worse, only 41 percent of respondents said their company is able to respond to a data breach involving business confidential information and intellectual property and only 27 percent said they are confident in their ability to minimize the financial and reputational consequences of a material data breach, the report said.
Despite the lack of involvement, the report found that data breaches came in second when respondents behind poor customer service and before product recalls with 23 percent of respondents reporting that a data breach would have a greatest impact on their organizations reputation,
In order to address these issues, researchers said an up to date data breach response plan is a crucial but often missed step when and that while most companies may have a data breach response plan, its often not regularly reviewed or frequently updated. In addition, researchers recommended more involvement from upper management when developing breach response plans.