The Ponemon Institute and Deloitte & Touche have released a new study looking at privacy & data protection in 2007. The survey, of 800 North American privacy and security professionals, found that data breaches have been prevalent in 2007, with 85% of executives claiming at least one reportable security breach in the last 12 months. An astonishing 63% of executives have had between 6 and 20 reportable breaches.

The survey found that data breaches are a huge issue, both in the percentage of companies affected and in the number of repeated breaches. Unfortunately, this has placed many companies in reactive mode instead of taking firmer precautions against these security breaches.

Other key findings from the survey:

  • 7% of security professionals’ time is dedicated to employee training
  • 10% of their time is spent establishing an incident response team, reporting and doing root-cause analysis (proactive security activities)
  • 50% of their time is spent reacting to incidents and fixing those vulnerabilities
  • 20% of incident response time is spent notifying those affected by the breach, compared with the 5% they feel should be devoted to this (as opposed to training, analysis, and reporting to management)
  • Security programs are developed in the following areas: 
    • Governance – 63.5%
    • Policy Development – 70.6%
    • Operational processes, risk assessment, training – 45-55%
    • Measurable controls – 30%
  • Less than 30% indicate that training programs are conducted annually – most indicate a single training effort or ad hoc efforts

Rena Mears of Deloitte shares her shock at the state of IT security:

“This survey provides insight into the scale of the problem and how enterprises are struggling to respond. It’s clear that both privacy and security professionals are caught in a reactive cycle.”

Larry Ponemon echoes these concerns:

“The astonishingly high rate of data breaches is undermining public trust in both commercial and governmental organizations and points to an urgent need for privacy and security to be elevated as a coordinated, strategic imperative within all organizations.”

All of the data we’ve seen this year has indicated that data breaches are a major problem and that there is a disconnect on how to prepare for and prevent such issues.

You can download the full survey here. [PDF]

Via Dark Reading
