Enterprising Developments

Data Breaches a Wake-Up Call to Management

Joe McKendrick
Insurance Experts' Forum, January 27, 2012

The Ponemon Institute, which does a lot of research in IT and data security, just released its findings on the characteristics of – and reactions to – data breaches at 584 companies. One out of five were financial services companies, the largest industry segment in the survey.

Overall, the IT professionals surveyed say that as a result of their recent incidents, they feel more confident than senior leadership about the ability to keep customer data secure from future breaches. As a broad trend, privacy and data protection became a greater priority for senior leadership following a breach. As a result, IT security budgets for most organizations in this study increased. Lessons learned from the data breach are to limit the amount of personal data collected, limit sharing with third parties and limit the amount of personal data stored.

Here are some of Ponemon's findings on the nature of recent data breaches, and how they impacted organizations and customers:

- In most cases, sensitive data lost or stolen was not encrypted. “Sixty percent of respondents say the customer data that was lost or stolen was not encrypted and 16 percent are unsure.”

- Organizations report that it was their most sensitive data was lost or stolen. “Respondents report the loss of email addresses and credit card or payment information.”

- Insiders and third parties are most often the cause of the data breach. “Forty-four percent of respondents say they were not able to determine the root causes of the breach or are unsure. If the organization was able to determine the cause of the breach, most often it was the negligent insider (34 percent). Nineteen percent say it was the outsourcing of data to a third party and 16 percent say a malicious insider was the main cause.”

- Data breaches reduce an organization’s productivity. “Fifty percent of respondents say the most negative consequence of the breach was the loss of productivity. In the aftermath of a data breach, key employees may be diverted from their usual responsibilities to help the organization respond to and resolve the data breach. This is followed by a loss of customer loyalty (41 percent) and legal action (34 percent) as the most negative consequences.”

- Data breach response strategies need improvement. “Fifty percent believe their organization made the best possible effort following the data breach. However, only 30 percent say that it was successful in preventing any negative consequences from the data breach. In addition, only 27 percent believe their data breach notification efforts increased customer and consumer trust in their organization.

- Organizations are now minimizing the amount of personal data collected, shared and stored. “Almost half (49 percent) now say they limit the amount of personal data collected and 48 percent now limit the sharing of this data with third parties. Forty-two percent say the organization limits the amount of personal data stored. However, only 27 percent say the organization now limits the amount of personal information used for marketing purposes.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Is the Long March to IFRS Convergence Over?

Once a given, the adoption of a single set of accounting standards for the insurance industry is on hold.

So You Plan to Buy a Core System … Now What?

There are many questions for carriers to consider even before the implementation process begins.

What It Takes to Have a Tech-Savvy Workplace

The tools and technologies to build the next workplace are available, but not common yet in corporate settings.

Avoiding the Bermuda Triangle of Data

Handled poorly, questions around data ownership, data quality and data security can sidetrack big data conversations and alienate business stakeholders.

A Prototype of the Successful Innovation Leader

Celent research reveals the prototype for the successful senior innovation leader.

Global Supply Chain, Local Problem

As a technology provider, your client’s ability to deliver products and services to their customers, when and where they need them, is at the heart of their business success.