A recent survey of 735 IT and IT security practitioners found that while just 13 percent of respondents felt senior management was extremely concerned about the threat of a data breach before the data breach at Target in late 2013, that number jumped to 55 percent following the Target breach.
The survey, conducted by the Ponemon Institute and sponsored by Identity Finder, also found that respondents’ security budgets increased by an average of 34 percent in the year following the breach, with most of those funds used for SIEM (50 percent), endpoint security (48 percent), and intrusion detection and prevention (44 percent).
The Ponemon report, entitled “2014: A Year of Mega Breaches,” states that following the Target breach and other well-publicized breaches last year, 72 percent of respondents said senior management provided them with the tools and personnel to contain and minimize breaches, 69 percent said they were given the tools and personnel to quickly detect breaches, 67 percent said they were provided with the budget necessary to defend the organization from data breaches, 65 percent said they received the tools and personnel to prevent breaches, and 55 percent say they were provided with the tools and personnel to determine the root causes of data breaches.
Sixty percent of respondents also said they made changes to their operations and compliance processes in response to last year’s well-publicized data breaches — 56 percent created an incident response team, 50 percent conducted training and awareness activities, 48 percent added new policies and procedures, 48 percent began using data security effectiveness metrics, 47 percent added specialized education for the IT security staff, and 41 percent added monitoring and enforcement activities.
Forty-five percent of respondents said their own companies had suffered one or more data breaches in the past 24 months. Among those respondents, 52 percent said their company lost reputation, brand value and marketplace image as a result of the breach; 46 percent said their company lost time and productivity; 38 percent said their company was forced to invest in additional technologies; and 27 percent said their company was forced to invest in notification.
One third of respondents took two or more years to discover the data breach in question, 28 percent took two or more years to resolve the breach, 20 percent were unable to determine if the breach was ever resolved, and 55 percent were unable to determine where the breach took place.
While 42 percent discovered the data breach through automated monitoring, 46 percent say the breach was discovered accidentally.
“This study shows that organizations are dedicating greater attention and financial resources towards managing sensitive information and preventing data breaches, which is certainly encouraging news,” Ponemon Institute founder and chairman Dr. Larry Ponemon said in a statement.
“However, 2015 is predicted to be as bad or worse as 2014 as more sensitive and confidential data and transactions are targeted by attacks and collateral damage,” Ponemon added. “Security is not only about more investments in prevention but also about understanding the data itself that is vulnerable.”
The full report and survey results are available here.
A recent?eSecurity Planet?article offered tips and advice on dealing with a data breach.