Business leaders lack confidence in data breach detection report finds
Business leaders lack confidence in their companies’ capabilities to detect data breaches, according to a report.
When the Ponemon Institute and Kilpatrick Townsend & Stockton interviewed 600 firms in the United States, 74 per cent said it is likely that their companies have failed to detect a data breach involving the loss or theft of knowledge assets.
60 per cent said it is likely that some of their data is now in the hands of competitors, yet many of those questioned said they do not know how to protect it in future.
Only 31 per cent of firms said their companies have a classification system that segments information based on value or priority, while just 28 per cent say their measures to mitigate the loss of intellectual property are effective.
Of those who say their schemes are ineffective, 67 per cent say this is due to a lack of in-house expertise, while 59 per cent cite a lack of clear leadership and 56 per cent blame a lack of collaboration between different job functions.
Part of the issue is that executives and boards are not focused on this issue, the report found. 56 per cent of those surveyed said a data breach involving knowledge assets would impact their firms, but 53 per cent said senior management is more concerned with breaches involving credit card information or Social Security numbers.
Despite this, the average cost to remediate attacks against knowledge assets over the past 12 months was $5.4 million (£4.1 million). The most likely cause of the loss of knowledge assets was a careless employee, although the cloud is also a risk – only a third of those surveyed said their firms carefully vet their providers.
“Companies face a serious challenge in the protection of their knowledge assets. The good news is there are steps to take to reduce the risk,” said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.
“First of all, understand the knowledge assets critical to your company and ensure they are secured. Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans.
“To address the employee negligence problem, ensure training programs specifically address employee negligence when handling sensitive and high-value data.”