Are businesses as prepared for data breaches as they claim to be?

According to new research from Pierre Audoin Consultants (PAC), 39% of businesses that claim to be prepared for a cyber security breach do not actually have a plan in place.

ITPro explains that a cyber readiness plan consolidates how a business will respond if a data security breach occurs. The study also revealed that only 30% of businesses with this plan test it monthly and the other 70% test it annually. This is despite 86% of businesses claiming to have a “high state of readiness,” according to the report. The research by PAC found that the industries most prepared are financial services and the government, but when a data breach happens, they suffer the highest costs to repair the damage caused.

Regardless of how prepared a business is, PAC says that a data security breach is unavoidable: 67% of respondents said they had encountered a breach in the last 12 months, and 100% had been breached at some point in the past. A breach is “to all intents and purposes inevitable,” PAC said.

Security spending across businesses is also moving from a prevent-and-protect approach to a detect-and-respond approach in order to combat data breaches, according to ITPro. 23% of spend on information security is in this area; however, survey respondents said that within the next two years this will increase to 39%.

Greg Day, vice president and chief technology officer of EMEA for cyber security firm FireEye, said that this approach was about striking a realistic balance and not surrendering to attackers. “If I go out, I’m not going to leave doors and windows open in my house, but there is no sense in building Fort Knox when social engineering can easily circumnavigate defences,” Day said.

Duncan Brown, director at PAC, agreed with Day and said that business security had been misaligned recently and that businesses need to change their approach to work with the new detect-and-respond method. “We are not talking about abdicating prevent and protect, but balancing it with a fully formed detect and respond strategy,” said Brown.

