18/03/2015 04:17

34% do not have a data breach response plan in place at all.

A new Experian whitepaper has revealed just how prepared UK businesses are in the event of a data breach, with the findings indicating that many are underestimating their readiness to cope.

The data breach landscape is not a positive one. One in five of those surveyed had experienced a data breach in the last two years, affecting nearly 40% of british consumers.

With this in mind, one would think that businesses would be scrambling to prepare for the possibility of future attacks? The research would indicate that this is not the case at all. 34% do not have a data breach response plan in place at all, and with those that do, a quarter of these plans do not include specialist crisis communications (23%) or legal support (27%).

Only one third have specific budgets set aside to deal with data breaches, in spite of 81% saying they are concerned about the financial impact of recovering from a breach. Worryingly, 39% have no reporting procedures in place for lost data or devices (e.g. company laptops or phones) and Less than half (43%) have data breach or cyber insurance policies in place.

All these finding come together to paint a less than positive outlook for businesses falling prey to data breaches in the future. The impact on consumers, if their information is compromised, has to be taken into account too.

4 in 10 British adults have been affected by a data breach and two thirds (64%) are concerned about falling victim in the future. Most notably it is evidenced that consumers are less understanding, and less willing to see organisations affected by data breaches as 'victims'.

Rather, 84% think companies should be penalised in the event of a data breach, while 63% say they are likely to leave an organisation if a data breach occurred.

UK businesses do not share the insights of the consumers surveyed. Less than half of organisations (47%) would notify customers 'as quickly as possible' following a data breach. Less than a quarter (21%) would offer an identity protection service to existing customers, and only one in 10 would offer a free credit monitoring service.

Amir Goshtai, Managing Director, Affinity Experian Consumer Services commented: "The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases. When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared. And at the heart of any plan needs to be an unwavering focus minimising the impact on their customers.

"Consider that 52% of all detected fraud in the last year is now as a result of identity theft together with the fact that already on a single day in February 2015, there was more personally identifiable information illegally traded on the dark web than in a three-month period during 2014. Businesses in the UK are facing an uphill battle to protect themselves and their customers."

The Experian whitepaper, 'Data Breach Readiness 2.0: The Customer First Data Breach Response', drew on on insights from more than 400 senior business executives.