The Ponemon Institute, which does a lot of research in IT and data security, just released its findings on the characteristics of – and reactions to – data breaches at 584 companies. One out of five were financial services companies, the largest industry segment in the survey.
Overall, the IT professionals surveyed say that as a result of their recent incidents, they feel more confident than senior leadership about the ability to keep customer data secure from future breaches. As a broad trend, privacy and data protection became a greater priority for senior leadership following a breach. As a result, IT security budgets for most organizations in this study increased. Lessons learned from the data breach are to limit the amount of personal data collected, limit sharing with third parties and limit the amount of personal data stored.
Here are some of Ponemon's findings on the nature of recent data breaches, and how they impacted organizations and customers:
- In most cases, sensitive data lost or stolen was not encrypted. “Sixty percent of respondents say the customer data that was lost or stolen was not encrypted and 16 percent are unsure.”
- Organizations report that it was their most sensitive data was lost or stolen. “Respondents report the loss of email addresses and credit card or payment information.”
- Insiders and third parties are most often the cause of the data breach. “Forty-four percent of respondents say they were not able to determine the root causes of the breach or are unsure. If the organization was able to determine the cause of the breach, most often it was the negligent insider (34 percent). Nineteen percent say it was the outsourcing of data to a third party and 16 percent say a malicious insider was the main cause.”
- Data breaches reduce an organization’s productivity. “Fifty percent of respondents say the most negative consequence of the breach was the loss of productivity. In the aftermath of a data breach, key employees may be diverted from their usual responsibilities to help the organization respond to and resolve the data breach. This is followed by a loss of customer loyalty (41 percent) and legal action (34 percent) as the most negative consequences.”
- Data breach response strategies need improvement. “Fifty percent believe their organization made the best possible effort following the data breach. However, only 30 percent say that it was successful in preventing any negative consequences from the data breach. In addition, only 27 percent believe their data breach notification efforts increased customer and consumer trust in their organization.
- Organizations are now minimizing the amount of personal data collected, shared and stored. “Almost half (49 percent) now say they limit the amount of personal data collected and 48 percent now limit the sharing of this data with third parties. Forty-two percent say the organization limits the amount of personal data stored. However, only 27 percent say the organization now limits the amount of personal information used for marketing purposes.”
Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.
Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.
This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
