Grace Information Management Blog

A new survey has found that many companies don’t take steps to improve data security following a significant breach.

US security research firm Ponemon Institute recently surveyed 471 companies, all of which had experienced at least one data security breach, with 52 per cent having had two or more.

The report, Is Your Company Ready for a Big Data Breach?, examines the consequences of data breach incidents and the steps taken to lessen future damage.

Having experienced a data breach previously, the majority of respondents were well aware that the fallout is significant:

  • 76% have had, or expect to have, a breach that results in the loss of customers and business partners.
  • 75% have had, or expect to have, an incident that results in negative public opinion and media coverage.
  • 66% have suffered, or believe they will suffer, serious financial consequences as a result of an incident.

Yet despite this, nearly 40 per cent of surveyed organisations have not developed a formal breach preparedness plan even after having a breach.

Closer to home, the results are only marginally better. When the inaugural CERT Australia Cyber Crime and Security Survey Report was released in February this year, it found that of the 20 per cent of respondents who had experienced a data breach, only half had increased their spending on IT security in the previous 12 months.

The Australian Government is taking data breaches seriously. With the changes to the Privacy Act scheduled to take place in March 2014, the Attorney-General and Privacy Commissioner have urged businesses to get ready for the changes now.

‘The new laws are an important milestone for privacy in Australia. Organisations should be considering what changes they may need to make to their policies, systems and processes,’ Australian Privacy Commissioner Timothy Pilgrim said.

Under the new laws, an entity must take reasonable steps to protect the personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. The inclusion of interference is new and requires additional measures to be taken to protect against computer attacks and other interferences of this nature.

‘Businesses and government agencies cannot ignore the need to take steps to protect the personal information of their customers or clients,’ said Mr Pilgrim.

If you want to protect your company from an embarrassing data breach, Grace Information Management can help. Our core business is the confidential, safe and secure storage and retrieval of your business records, which is why we are leaders in data protection.

Our meticulous processes and expert staff are supported by the best facilities. Our new data centre provides state-of-the-art security with passcode and proxy card entry only, CCTV cameras at every entry/exit point, the latest in professional hardware and software, and multiple redundancies in place including a clustered server and off-site backup process.