Experian Data Breach Resolution releases second annual study on corporate data breach preparedness

Findings show that while companies are more aware and taking initial steps to prepare, they are not fully practiced and confident in their data breach response

Costa Mesa, Calif., September 24, 2014 — Experian Data Breach Resolution, a leader in helping businesses plan for and mitigate consumer risk following data breach incidents, released a new study with the Ponemon Institute on data breach preparedness. The second annual study, Is Your Company Ready for a Big Data Breach?, found that executives are concerned about the effectiveness of their data breach response, despite taking the basic steps to be prepared.

“While more organizations have data breach preparedness on their radar and have developed a response plan, a majority of companies are not putting the support and resources behind having it truly be effective,” said Michael Bruemmer, vice president, Experian Data Breach Resolution. “A checklist response plan alone doesn’t mean you’re prepared. There should be an incident response team in place that practices the plan and ongoing investment from the C-suite to ensure technologies are up-to-date, external breach experts are secured, and selection of an identity protection product for affected customers is determined prior to an incident to ensure a quick and smooth response.”

Key findings from the study include:

Companies understand the importance of data breach preparedness
With data breaches making headlines the world over, awareness for data security is at an all-time high and more companies are preparing with a data breach response plan.
• Data breaches are becoming ubiquitous with almost half (43 percent) of organizations surveyed having suffered at least one security incident, up 10 percent from 2013.
• As a result, more companies have a data breach response plan in place (73 percent), up 12 percent from 2013.
• Forty-eight percent of organizations increased investments in security technologies in the past 12 months.

Confidence amongst senior executives to manage a data breach remains low
Despite increased security investment and having incident response plans in place, when asked in detail about the preparedness of their organization, survey respondents were not confident in how they would handle a major issue.
• Sixty-eight percent of respondents felt unprepared to respond to a data breach.
• Most haven’t or don’t regularly update their plan (78%) to account for changes in threats or as processes at a company change.
• Thirty percent of respondents felt their data breach response plan was ineffective.
• Concerns are not just operational. Many companies were more concerned about threats being harder to manage for IT security teams.

Executives recognize what needs to happen to improve their incident response
• The vast majority of executives (70 percent) surveyed want more oversight and participation from board members, chairman and CEO for data breach preparedness.
• Seventy-seven percent suggested more fire-drills to practice data breach response would help them be more prepared.
• Respondents ranked identity theft protection products and access to a call center as the two most important services a company should provide customers following a breach.
• Sixty-nine percent indicated additional funding as a major need to improve response activity.

"Compared to last year's study results, survey findings show encouraging signs that organizations are beginning to better prioritize data breach prevention, but more needs to be done," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Companies should be careful of not becoming complacent because they have a response plan in place or just completed a security audit. Preparedness requires ongoing maintenance and diligence.”

To access the full report, Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness, visit http://www.experian.com/data-breach/2014-ponemon-preparedness.html?.

Additional data breach resources, including webinars, white papers and videos, can be found at: http://www.experian.com/databreach. Read the Experian Data Breach Resolution blog by visiting http://www.experian.com/dbblog.

Leah Motz
1 206 664 7843

Sandra A. Bernardo, APR
Experian Data Breach Resolution
1 949 567 3676

About Experian Data Breach Resolution
Experian Data Breach Resolution, powered by the nation’s largest credit bureau, is a leader in helping businesses plan for and mitigate consumer risk following data breach incidents. With more than a decade of experience, Experian Data Breach Resolution has successfully serviced some of the largest and highest-profile breaches in history. The group offers swift and effective incident management, notification, call center support and reporting services while serving millions of affected consumers with proven credit and identity protection products. In 2013, Experian Data Breach Resolution received the Customer Service Team of the Year award from the American Business Awards. Experian Data Breach Resolution is active with the International Association of Privacy Professionals, the Health Care Compliance Association, the American Health Lawyers Association, the Ponemon Institute RIM Council and InfraGuard and is a founding member of the Medical Identity Fraud Alliance. For more information, visit www.experian.com/databreach.

About Experian
Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended 31 March 2014 was US$4.8 billion. Experian employs approximately 16,000 people in 39 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Experian and the Experian marks used herein are trademarks or registered trademarks of Experian Information Solutions, Inc. Other product and company names mentioned herein are the property of their respective owners.

# # #