Most companies do not follow best practice when it comes to protecting themselves from data breaches, according to research conducted by the Ponemon Institute.
The research also found that 38% of organisations have no set time period for updating and reviewing their data breach protection plan. It report said that almost a third (29%) have not updated or reviewed their plan since it was first put in place, leaving them vulnerable to attack.
Nearly 4 in 10 (38%) had no data breach protection plan or cyber insurance and, of those, 40% said they had no intention of purchasing one. Over half (56%) of organisations surveyed also said that they were not confident that they could deal with a ransomware attack, and just 9% had given any thought to whether or not they would pay to resolve an attack.
Michael Bruemmer, vice president at Experian Data Breach Resolution, who sponsored the research, said: "When it comes to managing a data breach, having a response plan is simply not the same as being prepared.
“Unfortunately many companies are simply checking the box on this security tactic. Developing a plan is the first step, but preparedness must be considered an ongoing process, with regular reviews of the plan and practice drills."