Firms not ready for data breaches, says survey

Many firms have no strategy for dealing with the fallout from data loss

Firms need better data loss strategies

Only a quarter of UK organisations feel able to respond effectively to a data breach, despite the fact that they experience on average 1.5 data breaches every year, according to a survey from computer forensics firm Kroll Ontrack.

And while 56 per cent of respondents have conducted a vulnerability assessment in the past 12 months, only 25 per cent are confident in their incident response.

In addition, 15 per cent of companies believe their responses to data breaches are not effective at all.

Martin Carey, managing director of Kroll Ontrack UK, said it is concerning that so few UK organisations believe they could mount a strong response to a data breach incident.

“Since no company can expect to completely eliminate the threat of data breaches through preventative measures, an organisation’s ability to detect and react swiftly to an incident is paramount,” he said.

“The cost implications, in terms of replacing lost data and compensating those affected, are evident, but businesses may also face legal consequences following a breach due to the rising number of data breach notification laws.”

The report also points out that companies could suffer reputational damage and loss of customer trust as a result of a major breach incident – and that these may be the most severe consequences of all.

The most important finding from the research was that while most organisations have a document retention policy, only 41 per cent have a discovery readiness strategy – a policy of what to do when information goes missing.

Organisations have a legal obligation to preserve documents if they anticipate litigation, but 43 per cent do not have a mechanism to preserve potentially relevant data when litigation or an investigation is anticipated.

In addition, 38 per cent of firms do not know if they have updated their security policies as a result of virtualisation, cloud computing and social networking in the corporate realm.