With security breaches on the rise, new research shows businesses aren’t doing everything they can to keep their customers’ personal information safe.
A study by Experian Data Breach Resolution and the Ponemon Institutefound that only half of the surveyed businesses feel their organization makes the best possible effort to protect customer and consumer information.
Specifically, 60 percent of the businesses reported that customer data – including credit card information and social security numbers – that had been lost or stolen was not encrypted.
Not all breached data is the result of a malicious attack by cybercriminals, however. The research shows that breaches most often are the result of a negligent insider or the result of outsourcing data to a third party.
“The responsibility of keeping customers’ information secure cannot lie solely on the shoulders of IT; rather, every executive in the organization should be aware, since the reverberation of a breach will be felt by everyone,” said Ozzie Fonseca, senior director at Experian Data Breach Resolution.
After experiencing the damage that can be done from a security breach, estimated at $214 per record, 61 percent of businesses increased their security budget and 28 percent hired additional IT security professionals.
To avoid the repercussions of a breach, Experian Data Breach Resolution offers several pieces of advice, including:
- Educate. Since negligent employees or contractors make organizations the most vulnerable to future breaches, conducting training and awareness programs and enforcing security policies should be a priority for organizations.
- Support. With increased privacy and data protection comes the need for larger security budgets. It doesn’t just take time; it takes monetary support, as well.
- Hire. The top three actions believed to reduce the negative consequences of a data breach are: hiring legal counsel, assessing the harm to victims and employing forensic experts.
- Learn. Lessons to be taken away from a data breach include: limiting the amount of personal data collected, limiting sharing with third parties and limiting the amount of personal data stored.
The study was based on surveys of more than 500 IT professionals who have experienced a data breach at their company.