That’s according to a new study by privacy think tank Ponemon Institute and risk management vendor Opus. So reports Compliance Week. Ponemon and Opus surveyed 1,000 U.S. and U.K. information-technology pros with direct involvement in overseeing cyber risk. Of those, 32% had never experienced a data breach. Another 36% said their organizations had not suffered a data breach in the past 12 months.
These “high-performing” organizations had stronger governance regimes for overseeing outsourced work, the study finds. That’s in comparison to the 59% of organizations that had experienced a breach at some point, including 42% in the last 12 months. Such governance practices included regular engagement with top executives and board members. High-performers were also more likely to say they were allocated enough resources for managing outsourced relationships.
Another attribute of high-performing organizations was their approach to the security and privacy practices of third parties. These organizations didn’t just have contracts in place to guarantee that third parties use the proper security and privacy practices. They also were more likely to perform audits and evaluations of how well vendors were actually implementing these practices.
The Ponemon and Opus study focused on preventing data breaches. Once a breach has occurred, having best practices in place can help reduce the damage, as Security Boulevard reports.
Organizations should concentrate on cutting down “dwell time,” the amount of time between a breach’s occurrence and its discovery, said Pravin Kothari, CEO of CipherCloud, a software developer. Experts also recommend having a plan in place and conducting “fire drills” periodically to ensure the plan works.
The costs of a breach can be severe—and go beyond the value of the data exposed. Software developer Ping Identity recently surveyed 3,000 U.S., U.K., French, and German consumers. More than three-fourths said they would stop interacting online with a brand that has suffered a breach. Almost half said they would not sign up with an online brand with a recent breach.
Repairing that reputational damage can be expensive. Take the healthcare sector alone. Hospitals raised their annual advertising budgets by 64% in the two years after a breach, the American Journal of Managed Care found in a recent study.