Data Breach Readiness 2.0: The Customer First Data Breach Response

UK Businesses Underestimate Readiness To Cope With Data Breach

Almost 1/5 have suffered at least one data breach in the last two years – 40% of British consumers affected

Experian, the global information services company, has released Data Breach Readiness 2.0: The Customer First Data Breach Response, a whitepaper revealing the true picture of British organisations’ preparedness for the growing threat of data breach.

Drawing on insights from more than 400 senior business executives, the research reveals that:

  • 34% do not have a data breach response plan in place at all
  • Of those that do, a quarter of these plans do not include specialist crisis communications (23%) or legal support (27%)
  • More than a third (37%) had not included or considered digital forensics
  • Only one third have specific budgets set aside to deal with data breaches, in spite of 81% saying they are concerned about the financial impact of recovering from a breach
  • 39% have no reporting procedures in place for lost data or devices (e.g. company laptops or phones)
  • Less than half (43%) have data breach or cyber insurance policies in place.

While preparedness levels were seen to be notably higher amongst organisations that have been affected by a breach in the past, 57% go on to be affected again within just two years.

With unprecedented levels of personally identifiable information being illegally traded on the dark web, the ever-increasing sophistication of cybercrime means the potential impact on consumers, if their information is compromised, has never been greater.

4 in 10 British adults have been affected by a data breach and two thirds (64%) are concerned about falling victim in the future. Most notably, the research shows that consumers are less understanding, and less willing to see organisations affected by data breaches as ‘victims’. Rather, they increasingly believe that data breaches come as a result of the organisations’ own failures – failures in procedures, security and data controls.

The research findings clearly bear this out:

  • 84% think companies should be penalised for compromising their customers’ personal information
  • 83% think companies should be subject to increased regulation to better protect customers
  • 80% say their level of trust would decrease if a company lost their personal data
  • 67% would advise friends and family against the organisation
  • 63% say they are likely to leave an organisation if a data breach occurred.

It appears that UK organisations are failing to recognise and mitigate these risks. Less than half of organisations (47%) would notify customers ‘as quickly as possible’ following a data breach. Less than a quarter (21%) would offer an identity protection service to existing customers, and only one in 10 would offer a free credit monitoring service.

Amir Goshtai, Managing Director, Affinity Experian Consumer Services, commented: “The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus on minimising the impact on their customers.

“If you consider that 52% of all detected fraud in the last year is now as a result of identity theft, businesses in the UK are facing an uphill battle to protect themselves and their customers.”

The findings of Data Breach Readiness 2.0: The Customer First Data Breach Response highlight that UK organisations still have a lot to learn about planning and delivering an effective data breach response. Moreover, learning those lessons will be vital to minimising the damage caused by data breaches.

The organisations most equipped to withstand the impacts of data breaches will take a proactive, integrated approach with detailed response plans that:

  • Focus first and foremost on those affected, recognising that this is where all other impacts ultimately will flow from: customers, the wider public, the media and regulators
  • Identify response teams, roles, responsibilities and lines of communication
  • Draw support and direct involvement at the highest level of the business
  • Identify and put in place master agreements with specialist suppliers – outside legal counsel, insurance, digital forensics, consumer support, credit monitoring, and crisis communications
  • Incorporate specific plans for each discipline: a digital forensics response plan, a crisis communications plan, a consumer outreach plan and so on
  • Mandate regular testing and scenario planning to ensure plans are relevant and cover all possible outcomes.

Download: Data Breach Readiness 2.0: The Customer First Data Breach Response

This was posted in Bdaily's Members' News section by 4D-DC.
