Cybersecurity Planning Up, But Training Lags

Hilary Tuttle


November 1, 2014

More companies have data response plans and teams in place to handle a cybersecurity crisis, according to the study "Is Your Company Ready for a Big Data Breach?" from the Ponemon Institute and Experian Data Breach Resolution. In a 2013 survey, the groups found that 61% of companies had such a plan and 67% had a breach response team in place. After just a year, these increased to 73% and 72%, respectively.

But businesses still are not doing enough. The number of respondents whose company suffered a breach increased by 10% in the past year. One in 10 reported holding a cyberinsurance policy last year, but highly public breaches and increasing awareness of the risks appear to have made a difference, moving that rate to one in four respondents in 2014.

While other Ponemon research concluded that employee errors are one of the most common causes of data breach, only 54% have privacy and data protection awareness training for those with access to sensitive information. Further, in the event of an incident, customer service is a critical component of breach response, retaining existing business and mitigating reputation damage. Yet just 34% of businesses train customer service personnel to respond to a cyber crisis.

Hilary Tuttle is managing editor of Risk Management.