For many companies, the question is not whether they will experience a data breach, but when and how often, according to survey results released this week.
Some 85% of 700 C-level executives, managers and IT security officers revealed they had experienced a data breach event, and about half of those admitted they had no incident response plan in place. Among the most common causes of the breach incidents were lost or stolen equipment such as laptops, PDAs and memory sticks. The second-largest contributing factor involved negligent employees, temporary employees or contractors.
The survey, titled "The Business Impact of Data Breach," revealed the "pervasive problem" plaguing IT security officers in midsize to large U.S. businesses in all industries, researchers say. Scott & Scott, a law and technology services firm, commissioned the survey conducted by independent research firm Ponemon Institute and released the findings today.
"Our findings show that data breaches are a pervasive problem for most organizations in the United States today. We also show that despite negative repercussions in terms of cost outlays and reputation diminishment, many companies that experience a breach do not take appropriate steps to prevent future incidents," said Larry Ponemon, founder and chairman of the Ponemon Institute, in a press release.
The survey also shows that most companies are required to report the incident to subjects whose information was lost or stolen. Nearly 100% were required to give such notifications under state statutes, and some 60% were required to notify victims under federal privacy acts such as the Health Insurance Portability and Accountability Act and the Gramm-Leach-Bliley Act. About 37% of respondents said they sent blanket notifications to potential victims, rather than precise details.
Of those organizations suffering a data loss, about three-fourths reported loss of customers, nearly 60% said they faced potential litigation, and one-third faced potential fines. Another 32% said they saw a decline in their share value.
Yet most respondents reported little or no monetary harm to data subjects. Researchers say the findings highlight the need to reform notification requirements, "which can be detrimental to businesses especially when weighed against the perceived lack of real benefit to consumers."