As a consumer, you trust your personal information to countless businesses and organizations.
You trust your doctor to keep your health records private, your mortgage company to protect your financial information, and your bank to secure your money from cyber attack.
However, a new report from Experian Data Breach Resolution presents a mixed picture on whether that trust is misplaced.
On one hand, the report found the number of organizations that have prepared a plan to deal with and prevent data breaches rose from 61% in 2013 to 86% this year. But it also found only 38% have fixed procedures and timelines for reviews and updates.
In fact, 29% of organizations haven't conducted a review or update since the plan was put in place.
No substitute for being prepared
"When it comes to managing a data breach, having a response plan is simply not the same as being prepared," said Michael Bruemmer, vice president at Experian Data Breach Resolution.
Bruemmer said it seems some organizations are simply “checking the box” when it comes to cyber security. He says developing a plan is only the first step in an ongoing process that unfortunately, must evolve to keep current with threats.
Of all the threats out there, ransomware appears to be growing fastest, posing the greatest risk to organizations. Successful hackers who are able to find the weakest link in a corporate network can encrypt all files on the network, making them inaccessible until a ransom is paid.
725 breaches so far this year
The Identity Theft Resource Center (ITRC) keeps a running count of reported data breaches in the U.S. As of early October, it had counted 725 successful breaches, with nearly half involving health care records.
These records, which usually include extensive personal history, including Social Security numbers, make it easy for hackers to steal identities.
The Experian report is not all bad news. For example, it shows 58% of organizations have increased their level of preparedness. But Bruemmer says that number needs to be higher to ensure the safety of U.S. consumers.
"Investing in breach preparedness is like planning for a natural disaster,” he said. “You hope it will never happen, but just in case, you invest time and resources in a response plan so your company can survive the storm."