Retailers unprepared for more breaches

The results of a new data security survey of U.S. businesses should not be surprising, but they are certainly alarming. Even though high-profile data breaches such as Target (NYSE:TGT) and P.F. Chang's have been in the news since the start of the year, IT executives said their companies' data is not secure.

Even though 72 percent of IT executives say their companies suffered a data breach in the past 12 months, only 51 percent say securing confidential data is a high priority, according to a new Ponemon Institute report commissioned by Informatica. The report is based on a survey of nearly 1,600 IT executives in 16 countries whose jobs involve protecting sensitive data.

In related news, 35 percent of U.K. banks and retailers said it would take as long as two to three days to detect a breach on their systems, according to a new Tripwire study. Twenty-four percent of those studied have already suffered a data breach where personally identifiable information (PII) was stolen or accessed by intruders. In addition, 36 percent of respondents do not have confidence in their companies' incident response plan.

In the Ponemon study, among respondents whose companies suffered breaches, 58 percent said that the incident could have been avoided with more effective security technologies and 57 percent said they wished they had had more skilled personnel with data security responsibilities.

Alarmingly, nearly 60 percent of retail respondents said that not knowing where sensitive data is located within their companies "keeps me up at night." "The majority of respondents agree that not knowing the location of data poses a serious security threat. Clearly, the time is ripe for a wider adoption of the technologies and expertise to make data-centric security an enterprise priority," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, in a statement.

Many retailers' sensitive data is not secure because too many employees can access it, Julie Lockner, Informatica's VP of marketing and business development, told Internet Retailer. "Those decisions are made outside of IT and IT might not even know about it," she says. "And once it's out there, getting it under control is like herding cats."

For more:
-See this Internet Retailer article
-See this Ponemon Institute statement
-See this Tripwire statement

Related stories:
Domino's Pizza data hackers demand ransom
How to prevent Target-like data breaches
Will PF Chang's data breach speed EMV?
Shoppers stop buying online after breaches
Lowe's discloses breach of employee information