This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration. Need a new registration confirmation email? Click here
More than two-thirds (68 percent) of respondents in Protiviti's survey said they have elevated their focus on information security in response to recent press coverage of so-called "cyber warfare." However, the number of companies that appear inadequately prepared for a crisis is surprisingly high. When asked if their organizations have a formal and documented crisis response plan for use following a data breach or hacking incident, more than one-third reported that either their organizations did not (21 percent) or they did not know (13 percent).
"Cyber security must continue to be a major focus for businesses, especially in light of recent high-profile security breaches," said
Cal Slemp, managing director with Protiviti and global leader of the firm's IT security and privacy practice. "While we're seeing a greater number of companies across a wider range of industries devote more attention and resources to improving their approach to data security, there are still a lot of businesses that are susceptible to attacks."
Data Policy and Retention/Storage Issues
According to the survey results, many companies lack key data policies and are ineffective at managing data through proper retention and storage practices, including the classification of sensitive data. Approximately 22 percent of companies do not have a written information security policy (WISP) and 32 percent lack a data encryption policy. Not having these policies in place is an important consideration when a breach involves information covered by data privacy laws and can expose an organization to significant legal liability.