Enterprising Developments

Data Breaches a Wake-Up Call to Management

Joe McKendrick
Insurance Experts' Forum, January 27, 2012

The Ponemon Institute, which does a lot of research in IT and data security, just released its findings on the characteristics of – and reactions to – data breaches at 584 companies. One out of five were financial services companies, the largest industry segment in the survey.

Overall, the IT professionals surveyed say that as a result of their recent incidents, they feel more confident than senior leadership about the ability to keep customer data secure from future breaches. As a broad trend, privacy and data protection became a greater priority for senior leadership following a breach. As a result, IT security budgets for most organizations in this study increased. Lessons learned from the data breach are to limit the amount of personal data collected, limit sharing with third parties and limit the amount of personal data stored.

Here are some of Ponemon's findings on the nature of recent data breaches, and how they impacted organizations and customers:

- In most cases, sensitive data lost or stolen was not encrypted. “Sixty percent of respondents say the customer data that was lost or stolen was not encrypted and 16 percent are unsure.”

- Organizations report that it was their most sensitive data was lost or stolen. “Respondents report the loss of email addresses and credit card or payment information.”

- Insiders and third parties are most often the cause of the data breach. “Forty-four percent of respondents say they were not able to determine the root causes of the breach or are unsure. If the organization was able to determine the cause of the breach, most often it was the negligent insider (34 percent). Nineteen percent say it was the outsourcing of data to a third party and 16 percent say a malicious insider was the main cause.”

- Data breaches reduce an organization’s productivity. “Fifty percent of respondents say the most negative consequence of the breach was the loss of productivity. In the aftermath of a data breach, key employees may be diverted from their usual responsibilities to help the organization respond to and resolve the data breach. This is followed by a loss of customer loyalty (41 percent) and legal action (34 percent) as the most negative consequences.”

- Data breach response strategies need improvement. “Fifty percent believe their organization made the best possible effort following the data breach. However, only 30 percent say that it was successful in preventing any negative consequences from the data breach. In addition, only 27 percent believe their data breach notification efforts increased customer and consumer trust in their organization.

- Organizations are now minimizing the amount of personal data collected, shared and stored. “Almost half (49 percent) now say they limit the amount of personal data collected and 48 percent now limit the sharing of this data with third parties. Forty-two percent say the organization limits the amount of personal data stored. However, only 27 percent say the organization now limits the amount of personal information used for marketing purposes.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.

CIOs: "We Don't Have Enough People to Run Our Mainframes"

Insurers will be competing with other industries for both legacy and “new IT" talent.

4 Ways to Keep Insurance Data Quality Healthy

Continually building trust and credibility in the data is the key to a successful data warehouse.

Customer Experience Trend Watch

Three recent HR moves demonstrate that large life insurers recognize customer experience as a strategic differentiator.

Insurers Have a Lot of Data, But Too Many Silos

Insurers actually have more data analytics resources than other industries.

Are Data Centers Shrinking or Expanding?

Today's data centers are doing far more with much smaller footprints.

Advertisement

Advertisement