More companies report having data breach response plans, but still lack in some areas: study

More companies have purchased cyber insurance policies this year and have data breach plans in place, but many executives still lack confidence that their company would handle such an event properly, according to a recent study out of the U.S., conducted by the Ponemon Institute.

The study asked 567 executives in the United States about how prepared they think their companies are to respond to a data breach.

Data breaches have increased in frequency, from 33% reporting an experience with one in 2013, to 43% this year, according to its recent report. Sixty percent also reported more than one data breach in the past two years, up from 52% last year, according to the report.

Compared to results from a similar survey last year, more companies now have data breach response plans – 61% of companies in 2013, versus 73% this year, according to the report.

Additionally, 72% of companies now have a data breach response team in place, up from 67% last year.

Data protection awareness and privacy programs – or training for employees and stakeholders with access to sensitive information – have also increased, the report suggests, with 54% of companies now having one in place, compared with 44% last year.

However, those plans are often seen as ineffective, based on the most recent report.  “Despite the existence of plans only 30% of respondents say their organizations are effective or very effective in developing and executing a data breach plan,” according to the report.

In addition, many respondents reported feeling unsure their companies would know how to properly handle a data breach in terms of preventing negative media attention and public opinion.

Additionally, when asked how often data breach plans are reviewed, the majority of executives indicated that their companies’ plans hadn’t been reviewed since inception, or lack a regular timeframe for review.

Data breach or cyber insurance policies are, however, becoming more important, with 26% of companies reportedly having purchased a policy, up significantly from only 10% of respondents last year.

“Further, the use of standard or model contract terms with third parties, vendors or business partners increased,” the report says. In 2013, 65% of respondents said their organizations had these in place, while that’s now up to 70% this year.

The full report is available through Experian Data Breach Resolution, which sponsored the independently-conducted study.