Are You in the Half of Firms with No Tested Data Breach Plan?

Blog: Enterprise Decision Management Blog

Last week alone, a New York hospital, a US car washing business and a UK online retailer all suffered headline-making data breaches. There is no fool-proof cybersecurity defence, so businesses of all sizes need to consider not only how they can prevent breaches but also what they will do should the worst happen.

Additional losses are heaped on companies that fail to manage the fallout from a breach well. Poor customer communication, disastrous PR and a slow or ineffective response all damage reputation, lose customers and worry shareholders.

Despite this, a new cybersecurity survey we commissioned with independent research and consultancy firm Ovum shows that only 51% of companies surveyed have a tested data breach response plan.

Looking across the six countries we surveyed, it’s clear that some are doing better than others, though none had excellent coverage on this question. The Norwegians are top of the class – 62% of respondents have a tested data breach response plan; the UK is at the other end of the scale with just 41%.

[Chart: percentages of firms by country with a tested data breach response plan]

There was less variation when we looked at the industries surveyed across all countries: e-commerce/retail had the lowest figure at 49%, and telecommunications was the highest with 54%. Looking at the industry data at a country level did yield interesting anomalies. In the UK only 25% of e-commerce/retail companies had a tested data breach response plan, while 78% of Norwegian media services companies did. Size of company didn’t seem to be a factor in whether firms had a tested data breach response plan.

The General Data Protection Regulation (GDPR) is about to be enforced, and it impacts organizations not only in Europe but worldwide. GDPR means that regulators can demand bigger fines from those that lose customer data; in the UK, for example, the ICO will be able to fine an organization up to £17 million or 4% of global turnover.

With this in mind, all businesses should review their cybersecurity practices and think hard about the implications of a breach and how they will respond should the worst happen – a good, well-rehearsed plan could become a matter of survival.

Our cybersecurity research has produced a great deal of interesting information on attitudes to cybercrime across the industries and countries involved. We’d like to share more of it with you, so join our Tweet Chat using the hashtag #cybertrends on 1st June 2017 at 4 pm BST / 8 am PDT.

Do you know if you’re likely to suffer a data breach in the next year? Find out with the FICO Enterprise Security Score.

The post Are You in the Half of Firms with No Tested Data Breach Plan? appeared first on FICO.
