Hilb Rogal & Hobbs and the Ponemon Institute have teamed up to launch a new Privacy Breach Index. The Privacy Breach Index (PBI) will be a publicly available benchmarking tool to measure responsiveness to data loss or theft. It will be made available at www.privacybreachindex.com.

According to the press release, the Index will include objective tools to improve a company’s ability to manage a data breach. The PBI benchmark tool will help: improve existing safeguards to prevent a data breach, determine areas vulnerable to a data breach, and benchmark responsiveness to a data breach against other companies.

The initial PBI was created from survey results completed by 768 individuals in data protection, IT security and compliance who were their organizations' experts on data breaches. All participants had experienced a data breach in the past 24 months, as the benchmarking process required.

Although the end result, the PBI benchmarking tool, will be quite useful to see, the survey results already offer some insight. The survey looked at various areas of data incident response: detection and forensics, escalation to management, notification quality and timeliness to breach victims, support to breach victims, post-mortem response, reputation management and response to regulatory or legal action.

“Our study provides further evidence of the importance of having a good quality privacy incidence response plan in place,” said Dr. Ponemon. “More than 83% of respondents believe that the individuals affected by the data breach lost trust and confidence in their organization’s ability to protect their personal information. As we have found in our consumer studies on trust, these perceptions often result in the loss of customer loyalty. In fact, 80% of respondents in the PBI study reported that a certain percentage of data breach victims terminated their relationship with the organization.”

Some interesting findings from the survey:

  • 9% of respondents rated their organization’s responsiveness to the most recent data breach as an “A” or excellent. 5% gave their organization an “F” for failure.
  • 80% of respondents believe that their organizations experienced some loss of customers or other data breach victims after the incident.
  • 50% of participants noted the root cause of the data breach incident to be employee negligence (29% was third-party negligence).
  • More than 36% of respondents have 1 – 4 data breach incidents involving 100 or more records each year.

You can download the 2008 Privacy Breach Index Survey here [PDF]

Via Insurance Journal
