Nearly 85 percent of privacy and security professionals believe a reportable breach of personally identifiable information (PII) occurred within their organization in the last year, according to an online survey of 800 such professionals published on Tuesday by accounting firm Deloitte & Touche and the Ponemon Institute.
Almost two-thirds of the professionals polled stated that their organizations had experienced multiple reportable breaches in the past year. The security and privacy managers only dedicated approximately 7 percent of their time to training employees and, at most, 10 percent of their time to establishing an incident response team, the survey found.
"Frankly, I'm shocked by the high percentage of PII data breaches we're seeing occur within organizations," Rena Mears, Deloitte global and U.S. privacy and data protection leader, stated in the release announcing the study. "This survey provides insight into the scale of the problem and how enterprises are struggling to respond. It's clear that both privacy and security professionals are caught in a reactive cycle, and they agree on the need to move to a more proactive stance."
A number of events in 2007 have raised corporate awareness of privacy issues. In January, retail giant TJX Companies announced that successive online attacks during 2005 and 2006 had resulted in the loss of, at last count, more than 94 million credit- and debit-card accounts. Last month, the head of HM Revenue & Customs, the United Kingdom's tax agency, resigned following a massive data leak that potentially put the sensitive personal details of 25 million people at risk.
The attention has caused many companies to move toward encrypting their data. The survey found that 55 percent of companies are implementing "some type of encryption" and 37 percent are currently encrypting data in transit and information stored on servers.
Posted by: Robert Lemos