10 Nov 2009
Only a quarter of UK organisations feel able to respond effectively to a data breach, despite the fact that they experience on average 1.5 data breaches every year, according to a survey from computer forensics firm Kroll Ontrack.
And while 56 per cent of respondents have conducted a vulnerability assessment in the past 12 months, only 25 per cent are confident in their incident response.
In addition, 15 per cent of companies believe their responses to data breaches are not effective at all.
Martin Carey, managing director of Kroll Ontrack UK, said it is concerning that so few UK organisations believe they could mount a strong response to a data breach incident.
“Since no company can expect to completely eliminate the threat of data breaches through preventative measures, an organisation’s ability to detect and react swiftly to an incident is paramount,” he said.
“The cost implications, in terms of replacing lost data and compensating those affected, are evident, but businesses may also face legal consequences following a breach due to the rising number of data breach notification laws.”
The report also points out that companies could suffer reputational damage and loss of customer trust as a result of a major breach incident - and that these may be the most severe consequences of all.
The most important finding from the research was that, while most organisations have a document retention policy, only 41 per cent have a discovery readiness strategy – a policy of what to do when information goes missing.
Organisations have a legal obligation to preserve documents if they anticipate litigation, but 43 per cent do not have a mechanism to preserve potentially relevant data when litigation or an investigation is anticipated.
In addition, 38 per cent of firms do not know if they have updated their security policies as a result of virtualisation, cloud computing and social networking in the corporate realm.
The fact that UK companies are experiencing an average of 1.5 data breaches each year is, in itself, an alarming statistic. Yet it is all the more startling that many organisations continue to put their data at risk during the application testing process.
Application testing is a common cause of data loss, and recent research has shown that the majority of large organisations conduct such testing on a weekly basis, with 79% using live production data in the process. Yet the same research also showed that over two thirds of these organisations do not have any data masking measures in place when doing so.
Whilst having a contingency plan to deal with data loss should be encouraged, organisations should be trying to prevent such security breaches altogether. Data masking is a well-known, yet often-overlooked means of ensuring security during the application testing process, and increasing its usage should be seen as a valuable step towards reducing the frequency and the scale of data breaches.
Posted by: Peter Mollins, Micro Focus 11 Nov 2009