US report provides insights on data security incidents

A US study of more than 200 data security incidents in 2014 has revealed the following insights:

  • employee negligence was the leading cause of data security incidents, demonstrating that technology solutions alone are not enough and that companies also need to drive better employee training and awareness, led by the right “tone from the top” and appropriate information security policies,
  • the average time lag between the incident occurrence and detection was 134 days, and
  • in the investigation of a breach, regulators most often ask to review companies’ internal policy documents including policies and procedures governing privacy and security, disaster recovery and business continuity plans, and evidence of education and awareness programmes.

Link: The Baker Hostetler Data Security Incident Response Report 2015