IT Pros Say They Can't Stop Data Breaches
By Deborah Rothberg | Posted 2006-08-30
Nearly two-thirds of respondents in a new study say they're ineffective in preventing data breaches.
In the wake of widely publicized security compromises at AOL and AT&T, a study released Aug. 28 by the Elk Rapids, Mich.-based privacy management research company Ponemon Institute finds that only 37 percent of IT professionals believe their company is effective at detecting data breaches.
Citing a lack of resources and high product costs as barriers to preventing data leakage, respondents were uncertain about their company's ability to discover breaches of confidential information. Only 43 percent believed that their company would detect a large breach (involving more than 10,000 customer records) more than 80 percent of the time. Seventeen percent of respondents felt their company would correctly detect a small data breach (involving fewer than 100 customer records) more than 80 percent of the time.
Respondents viewed the loss or theft of customer or consumer data as the second most detrimental type of data breach, even if privacy laws required notification, which makes the incident a public event and diminishes brand, reputation and customer confidence. The loss or theft of intellectual property came in first in terms of risk, reputation and cost to the organization.
Though 66 percent of respondents reported using technologies to help their organizations manage the leakage of sensitive or confidential information, cost was the primary reason cited for organizations not using these technologies. Thirty-five percent felt that they were too expensive, 16 percent felt manual procedures were adequate, 16 percent felt that their organizations were not vulnerable to breaches and 12 percent criticized existing technology-based data for having too high a false positive rate.
Many respondents believed that their organizations did not have the right leadership structure or enough resources to properly enforce compliance. Forty-one percent believed that their organization was not effective at enforcing compliance with their organization's data protection policies and procedures.