Osterman Research conducted a survey on behalf of Proofpoint to gauge problems, attitudes and actions toward data breaches and their aftermath. The survey was conducted with decision makers and influencers in organizations in the United States and Canada.
Key findings from the survey:
• Sixty-eight percent of respondents said they are prepared to address breaches of sensitive or confidential information in their organizations. This is in stark contrast to the response time if a breach occurred. Seventy-five percent of organizations would take hours – and more than a third would take days or weeks – to detect it. Moreover, one in 11 respondents is not sure how long it would take to detect the breach.
• Because the attack surface in most organizations is large and getting larger over time, the longer it takes to detect and respond to a breach, the more data will be lost and the more damage will be done.
• Only 29 percent of organizations look to their CISO to manage initial breach response, and only 33 percent have the CISO manage the follow-up phases of a breach.
• Many organizations use some level of technology to detect breaches, but more than a third rely on significantly manual methods.
• At best, 25 percent of organizations are using automated systems to discover and remediate sensitive content. However, because sensitive data is typically distributed across the enterprise, decision makers lack visibility into where this data is stored or who has access to it.
• At least four IT and related staff members per 1,000 employees are required to deal with data breaches as their primary responsibility until the breach has been resolved.
• Fewer than one-half of the organizations surveyed have a data breach/cyber insurance policy, while only about one-third have a data breach mitigation budget. Among organizations that have a data breach mitigation budget, most will have a larger budget in 2015 than they did in 2014.
• On a four-point scale of readiness, from “Not Well Trained at All” to “Very Well Trained”, one-half of IT staff and two-thirds of senior managers rate themselves in the lower half of the scale in assessing their own readiness to deal with data breaches in a way that will minimize their impact.
• More than 50 percent of organizations are more focused on data breaches because of well-publicized, high-profile breaches at Target, Home Depot, Neiman-Marcus and others.
• Fifty-five percent of organizations indicated that detecting and preventing data breaches are among their highest priorities in 2015, with nine percent stating it is their highest priority.