Fresh on the heels of a string of highly publicized corporate data breaches, 63 per cent of respondents to a new data security study said they did not believe they could prevent such breaches.
“This group came out much, much more negative than I ever expected,” said Larry Ponemon, founder and chairman of the Ponemon Institute LLC, an Elk Rapids, Mich.-based firm that looks at information and privacy management practices in business and government. “They said they’re bad at detecting [breaches], but even worse at preventing [breaches].”
The study, entitled National Survey on the Detection and Prevention of Data Breaches, is based on responses from 853 IT professionals, including senior executives and information security managers. It was sponsored by PortAuthority Technologies Inc., a Palo Alto, Calif.-based vendor of information leak prevention software.
The study also found that 41 per cent of respondents said their companies are ineffective in enforcing data security policies due to lack of corporate resources.
About 66 per cent of the respondents said their companies use hardware or software to help detect or prevent data breaches. The remaining respondents said their companies don’t use such tools because of their high costs.
Jon Oltsik, a security analyst with Enterprise Strategy Group in Milford, Mass., said the Ponemon figures mirror statistics that have been collected by his company.
“The 41 per cent who say they don’t have the resources (to effectively fight the problem) — that I completely believe,” Oltsik said. “A lot of companies are kind of slow” in dealing with such problems, he said.