83% of companies unprepared for a security breach

A mere 17% of companies are fully prepared for an online security breach, and over a third still have no formal incident response plan in place, according to an international survey.

The majority of companies are still not properly prepared even though 76% have suffered a security incident over the past two years, the survey shows.

The Economist Intelligence Unit (EIU) polled 360 business leaders in APAC, North America and Europe on behalf of Arbor Networks.

The results show that half the companies feel they are unable to predict the business impact of a breach when one occurs, and 40% believe that a better understanding of potential threats would leave them better prepared.

But some progress is being made, with responses suggesting that 80% of companies will have an incident response team and plan in place within the next few years.

Companies with a response plan in place already typically rely on the IT department to lead the process, but the majority also make use of external resources, including specialist legal advisers and IT forensic experts.

“There is an encouraging trend towards formalising corporate incident response preparations,” EIU senior editor James Chambers commented. “But with the source and impact of threats becoming harder to predict, executives should make sure that incident response becomes an organisational reflex rather than just a plan pulled down off the shelf.”

The results also show that companies remain reluctant to disclose details about security breaches. The majority (57%) do not voluntarily report incidents when they are not legally required to, and only a third share information about incidents with other organisations to help improve industry best practices.

This white paper explains some of the challenges involved in preventing data breaches.

Image courtesy of Ralph Aichinger under CC