Are You in the Half of Firms with No Tested Data Breach Plan?

Last week alone, a New York hospital, a US car washing business and a UK online retailer all suffered headline-making data breaches. There is no fool-proof cybersecurity defence, so businesses of all sizes need to consider not only how they can prevent breaches but also determine what they will do should the worst happen.

Additional losses are heaped on companies that fail to manage the fallout from a breach well. Poor customer communication, disastrous PR and a slow or ineffective response all damage reputation, lose customers and worry shareholders.

Despite this, a new cybersecurity survey we commissioned from independent research and consultancy firm Ovum shows that only 51% of companies surveyed have a tested data breach response plan.

Looking across the six countries we surveyed, it’s clear that some are doing better than others, though none had excellent coverage on this question. The Norwegians are top of the class - 62% of respondents have a tested data breach response plan; the UK is at the other end of the scale with just 41%.

Chart showing percentages of firms by country with tested data breach response plan

There was less variation when we looked at the industries surveyed across all countries: e-commerce/retail had the lowest figure at 49%, and telecommunications had the highest at 54%. Looking at the industry data at a country level did yield interesting anomalies. In the UK only 25% of e-commerce/retail companies had a tested data breach response plan, while 78% of Norwegian media services companies did. Size of company didn’t seem to be a factor in whether firms had a tested data breach response plan.

The General Data Protection Regulation (GDPR) is about to be enforced, and it impacts organizations not only in Europe but worldwide. GDPR means that regulators can demand bigger fines from those that lose customer data; in the UK, for example, the ICO will be able to fine an organization up to £17 million or 4% of global turnover.

With this in mind, all businesses should review their cybersecurity practices and think hard about the implications of a breach and how they will respond should the worst happen – a good, well-rehearsed plan could become a matter of survival.

Our cybersecurity research has produced a great deal of interesting information on attitudes to cybercrime across the industries and countries involved – we’d like to share more of it with you so join our Tweet Chat using the hashtag #cybertrends on 1st June 2017 at 4 pm BST / 8 am PDT.

Do you know if you’re likely to suffer a data breach in the next year? Find out with the FICO Enterprise Security Score.

This blog is based on independent research carried out on behalf of FICO by research and consulting firm Ovum. This link will take you to a page where you can download the whitepaper ‘What the C-suite Needs to Know about Cyber-readiness’ or one of our ‘Views From the C-Suite’ e-books for the USA, UK, Canada and the Nordics.
