Findings Reveal Most Organizations Aren’t Prepared to Manage Data Breach Response, Struggle with Gaps in Cyber Insurance Coverage
NEW YORK and PORTLAND, Ore. — March 10, 2016 — Every organization, in every industry and of every size, is at risk for data breach. Most organizations have experienced a data breach whether or not they know it. According to the new Advisen Ltd. report Mitigating the Inevitable: How Organizations Manage Data Breach Exposures, sponsored by ID Experts®, the majority of breaches are small and may go undetected for a long time. When they are detected, most organizations lack the internal resources to handle breach response, putting them at greater risk for costly fines and lawsuits, reputational harm, and customer identity theft. It’s no wonder then, that 80 percent of organizations are concerned about the consequences of a large breach and the impact it will have on their business. While 64 percent of those surveyed have cyber insurance, most small breaches aren’t covered, leaving organizations struggling with managing gaps in cyber insurance coverage. Download a free copy of Mitigating the Inevitable: How Organizations Manage Data Breach Exposure at https://www2.idexpertscorp.com/how-organizations-manage-data-breach-exposures/.
“The report indicates that there is a lot of concern about data breach impact and uncertainty about data breach response best practices. Most organizations are not prepared to manage the high-risk, high-threat landscape in which we do business,” said Jeremy Henley, director of breach services at ID Experts. “Sixty percent of respondents rely solely on the IT department to manage data breach response. However, best practice is a cross-functional team with a combination of specialties to handle a data breach to fully protect the organization and meet privacy and regulatory compliance.”
“Why do breaches go undetected? Many organizations do not have the qualified resources, processes, or systems in place,” said Aloysius Tan, product manager at Advisen. “For organizations who lack the resources, full-service breach response vendors can help. Respondents are most interested in help with forensics, protection services, pre-breach services, and call center.”
Key Findings of the Report
If they collect or store sensitive data, organizations of all sizes and in all industries are exposed and are at risk for data breach. Organizations that proactively prepare for and manage data breach risk will significantly reduce breach impact. However, the report finds that organizations are not prepared for data breaches, due to inadequate resources.
The majority of breaches are small, under 500 records, and may go undetected for a long time. Eighty percent of organizations are concerned about the consequences of a large data breach and the impact it will have on their business. More than half, or 55 percent of respondents, don’t believe their company has adequate resources to detect breaches, so many breaches may go undiscovered. Seventy-five percent of respondents have developed an incident response plan, but only 42 percent have tested the plan. Seventy-two percent of respondents said they conduct a cybersecurity and privacy risk assessment at least annually. However, they may not have a consistent process in place for effective assessment, resulting in errors or inconsistencies.
The report found that while many organizations are taking key steps to prevent and detect data breaches, many are not prepared for or lack the resources to manage data breach response, including the legal and regulatory requirements. The majority of organizations use internal resources to manage small but high-frequency breaches. In fact, 60 percent of respondents rely solely on the IT department to manage data breach response. However, IT on its own is generally not equipped to handle data breach compliance and regulatory requirements.
Sixty-four percent of those surveyed have cyber insurance. While cyber liability insurance has proven effective in covering many cyber-related losses, the majority of small breaches often fall below cyber insurance policy deductibles that trigger coverage, leaving organizations to manage and pay for all breach response.
Advisen is leading the way to smarter and more efficient risk and insurance communities. Through its information, analytics, ACORD messaging gateway, news, research, and events, Advisen reaches more than 150,000 commercial insurance and risk professionals at 8,000 organizations worldwide. The company was founded in 2000 and is headquartered in New York City, with offices in the US and the UK. Visit www.advisenltd.com for more information.
About ID Experts
At ID Experts, we protect millions of consumers with our identity protection software and services and have a 100 percent success record for identity recovery. We are trusted by thousands of organizations to manage cyber and other risks with our data breach response services. We are the largest provider of identity protection products to the federal government. We serve customers in healthcare, government, insurance, financial services, and higher education. ID Experts actively contributes to the cyber risk community through organizations including NHCAA, HCCA, MIFA, and IAPP. Visit www2.idexpertscorp.com/