A survey of IT professionals by Hungarian security firm Balabit on the current status of their security investigations has revealed that though 75% of organizations set deadlines for probing and reporting breaches, 44% could not meet them last year - leading to serious consequences for 7%.
Balabit also discovered that 70% of companies have to report security incidents to external authorities, but the majority do not set time limits for it. This data is not encouraging in the face of the EU-US Privacy Shield and even as EU prepares for data protection rules from May 2018 which signals severe penalties on failure to report a breach within 72 hours.
“The Balabit survey identified that the primary reason for not being able to investigate data breaches in time is that organizations still do not understand their own data,” explains Péter Gyöngyösi at Balabit.
The respondents also displayed maximum dissatisfaction with their ability to turn data into understandable information and “seeing how users compare to their peers.”
For full survey results, click here.