The private sector is still not prepared – and generally lacks the knowledge – to respond effectively to a major cyber breach, according to 80 percent of respondents in a survey released by Fox Rothschild LLP.
“There is an alarming lack of awareness at the senior level when it comes to data governance practices in the private sector” said Fox partner Scott Vernick, who chairs the firm’s data security and privacy practice.
In its survey of cybersecurity professionals and risk experts across insurance, legal and other industries, Fox found that despite companies’ pouring real money and resources into data security:
- 65 percent said the private sector is only “somewhat prepared” to respond to a data breach;
- 15 percent stated it is “not prepared” at all; and
- Only 20 percent said the private sector is “very prepared.”
The survey’s 75 respondents also expressed significant concern about senior management’s understanding of how data is, and can be, vulnerable. In fact, more than 85 percent said senior business leaders could “not accurately” or only “somewhat accurately” identify and address their companies’ data collection and storage practices.
“Companies in all sectors need to understand what types of data they collect, who has access to it and how it is stored well before a breach takes place,” Vernick added. “If they don’t follow best practices, it will cripple their ability to respond effectively and lead to costly litigation.”
In the debate over encryption and “access to data,” 84 percent of the Fox survey respondents favored the private sector’s right to guard customer data against government access in the event data was encrypted and otherwise not accessible. Nearly 75 percent also believe the private sector should be permitted to tell customers when the government subpoenas their data.
Survey respondents cited the following areas as requiring the most improvement by the private sector when it relates to cybersecurity strategy:
- Employee training (29 percent);
- Vendor management (24 percent);
- Security and protection of systems, networks, firewalls and applications (19 percent);
- Funding and resources (19 percent);
- Encryption of data (5 percent); and
- BYOD security (4 percent).