The Ponemon Institute, headquartered in Traverse City, Michigan, recently released their data breach survey which surveyed over 500 executives in the United States about how they think their company would respond to a breach. Last year when they completed this survey, about 61 percent of companies said they had data breach response plans in place for such an event. This year that percentage has increased to 73 percent. While this is good, breaches are also happening more frequently, 33 percent of companies surveyed in 2013 said their company experienced a breach, this year it increased to 43 percent. That is a big number for one year’s worth of growth. The 2013 study said that 52 percent experienced more than one breach in two years, that number is now up to 60 percent.
One statistic that we are very happy to see is the number of companies that have increased their data protection awareness and employee education programs. These programs are very important for companies because they deal with employee mistakes and human error as it relates to breaches(employees are the leading cause of data breaches). This year 54 percent of companies have these programs, up from 44 percent last year.
Okay, so we’ve given you a bunch of numbers and that’s all fine and good, what on earth does it all mean? First off it shows that more companies are starting to get on board with the idea that cybersecurity is important. Notoriously, executives are unlikely to want to be involved in all of the “techie” stuff because they don’t understand it and/or they don’t want to understand it. This is a problem. If your executives do not understand what your job is and how that impacts how the rest of the company operates, we have a problem. If you are like more modern-day businesses, the majority of what you do is on a computer, be it accounting, graphic design, retail purchases, whatever it may be, odds are you use computers to get it done and we know that everyone gets rather annoyed when computers don’t work.
Now what happens when those computers cease to be secure and data gets breached? Most often you get slapped with a class-action lawsuit for failing to protect your clients/customers' data, and unless you have really good lawyers, you will not win. This means you could have to pay out thousands, maybe millions in legal fees and settlements. The 2014 Cost of Data Breach Study, which was sponsored by IBM, the average cost of a data breach to a company was $3.5 million in US dollars and 15 percent more than what it cost the previous year. If you do your due diligence and attempt (we can only attempt after all) to secure your data, your expenses will be in the thousands. However, compared with millions that is a small price to pay.
Breaches happen, sometimes we can take all the precautions in world and still have a breach. But, there are steps you can take to secure data. If you take those steps and are putting forth the effort, your likelihood of being on the losing side of a lawsuit decreases dramatically.
