Friday, October 3, 2014
A second annual survey from Experian and the Ponemon Institute appears to show that more companies are prepared for a data breach, and that cyber insurance policies are becoming a more important part of those preparedness plans.
The study, which surveyed 567 executives in the United States, found that 73 percent of companies now have data breach response plans in place, up from 61 percent in 2013. Similarly, 72 percent of companies now have a data breach response team, up from 67 percent last year.
In the last year the purchase of cyber insurance by those companies has more than doubled, with 26 percent now saying they have a data breach or cyber policy, up from just 10 percent in 2013.
However, this means that two-thirds of respondents – 68 percent – are still not buying cyber policies. (Six percent of respondents are also unsure whether their company has cyber insurance.)
Interestingly, the fact that more companies have data breach response plans in place does not appear to instill greater confidence that they are effective.
Despite the existence of plans, only 30 percent of respondents say their companies are effective or very effective in developing and executing a data breach plan, the survey found.
Why are the plans not effective?
The survey indicates that in many cases a breach response plan is largely ignored after being prepared.
Some 41 percent of respondents say there is no set time for reviewing and updating the plan, while 37 percent say they have not reviewed or updated the plan since it was put in place.
All of this comes as the frequency of data breaches is accelerating. Some 60 percent of respondents say their company experienced more than one data breach in the past two years, up from 52 percent in 2013. And 43 percent say their company had a data breach in the last year, up from 33 percent in 2013.
Check out the latest I.I.I. white paper on this topic Cyber Risks: The Growing Threat.
More on this story from the Wall Street Journal’s Risk & Compliance Report.