Asking For Trouble: Most Companies Don't Have Plans To Handle Data Breach - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Asking For Trouble: Most Companies Don't Have Plans To Handle Data Breach

Among companies that have suffered a data breach, 74% reported a loss of customers and 59% faced potential litigation, the Ponemon survey shows.

Around 85% of IT and security managers say they've suffered a data breach, but less than half have a plan in place for when it happens again.

A survey by the Ponemon Institute of more than 700 IT and security managers in midsize to large businesses shows that while companies increasingly are being hit with security and data breaches, most are lagging when it comes to implementing the proper policies and controls to prepare for and mitigate the legal, regulatory, and financial risks associated with a security failure.

"I think companies are fearful of lawsuits and regulations, but they don't see data loss as affecting their customers," said Larry Ponemon, chairman and founder of the Ponemon Institute, in an interview. "They say it doesn't translate into upset customers or customers who will really leave. A lot of companies are betting the farm that customers won't leave because of a data loss event."

Betting that customers will be forgiving is a big risk. In April, a report came out from Javelin Strategy & Research showing that 77% of 2,750 consumers polled said they would stop shopping at stores that suffer data breaches. In the same month, a report from McAfee showed that one-third of companies said a major security breach could put their company out of business.

Just last week, TJX reported in its first-quarter earnings statement that it took a $12 million hit, or 3 cents per share, because of the loss of more than 45 million credit and debit card numbers that were stolen from its IT systems over an 18-month period. It's considered to be the largest customer data breach on record. TJX had recorded a fourth-quarter charge of about $5 million for similar costs related to the security breach. That means at the end of the first quarter, the breach had already cost the company $17 million.

The new Ponemon survey also shows that of those who suffered a data breach, 74% reported a loss of customers; 59% faced potential litigation; 33% faced potential fines, and 32% experienced a decline in share value.

Almost half of the breach incidents were attributed to lost or stolen equipment such as laptops, PDAs, and memory sticks. The second largest threat came from negligent employees, temporary employees, and contractors.

"Ultimately, when customers vote with their feet, something will change," said Ponemon. "Only if a company sees a loss in revenue will they make changes. Until then, there will be a lot of talk but not a lot of action."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll