A new report from Trustwave reveals many basic cybersecurity practices aren’t being followed by businesses in order to reduce the risk of a data breach.
Based on 476 respondents predominantly from the US, the UK, and the United Arab Emirates, the 2014 State of Risk Report from Trustwave revealed a number of startling findings:
- 58% of businesses use third parties to manage sensitive data, yet almost half (48%) do not have a third party management program in place.
- 45% of businesses have board- or senior-level management who take only a partial role in security matters; 9% do not partake at all.
- 21% of businesses do not have incident response procedures in place.
- 60% of businesses are fully aware of their legal responsibilities in safeguarding sensitive data, yet:
- 21% never perform security awareness training;
- 23% never hold security planning meetings;
- 24% do not have employees that read and sign their business’ information security policy.
- 33% of businesses have not commissioned a risk assessment to identify where their valuable data lives and what controls – if any – are in place to protect it.
Data is the lifeblood of business
With 81% of businesses storing and processing financial data, 71% storing intellectual property, and 47% storing payment card data, data is the lifeblood of business. By not implementing or following cybersecurity best practices, organizations leave their data and businesses open to a wide range of dangers.
For meeting cybersecurity best practices, businesses should implement an ISO27001-certified information security management system (ISMS). ISO27001 is the internationally recognized information security standard, which defines a holistic approach to information security to manage the confidentiality, integrity, and availability of your information assets.
IT Governance has created four ISO27001 implementation packages to suit the needs of any organization – whatever its size, sector, location, budget, or preferred project approach – in implementing an ISO27001-certified ISMS.