According to Protviti’s 2013 IT Security and Privacy Survey, large and small companies are taking notice of the reputational hazards that accompany high-profile data breaches; but still aren’t doing enough to ensure an adequate public response should one occur.
The survey of 194 IT executives and professionals at companies whose gross annual revenues range from $100 million to $20 billion a year shows that more than two thirds of respondents have increased their focus on cyber security issues in response to the flood of media coverage generated by instances of data loss and theft. But at the same time, more than a third of those surveyed still report that they aren’t aware of any response plan their organization has developed or practiced.
Given the rash of breaches we’ve seen in 2013 alone – at companies, hospitals, government institutions, colleges and universities, and even Twitter – that’s an astonishingly high figure. Today, data breaches are practically inevitable; and when organizations aren’t prepared ahead of time to assuage stakeholder anxiety, they pay a hefty price in terms of brand credibility and trust.
Outreach plans need to be in place so that affected parties can take immediate measures to protect themselves in the wake of a breach. The IT, legal, and communications teams need to work together beforehand to ensure that accurate information about a potential breach can be shared with law enforcement and the general public – without adding to the legal and brand liabilities at play. Organizations need to know the journalists and bloggers who cover data security issues in their industries and develop relationships with those influential voices before they are needed. Perhaps most important, all of the above exercises need to be updated regularly as notification laws, consumer expectations, and media scrutiny continue to evolve.
At a time when every organization is a potential target, more than a third of them aren’t ready to navigate the minefield that is data loss communications. At a time when preparedness is as important as prevention, that means there’s a 33 percent chance that the next company to land in the spotlight will be caught with its pants down.