Channels ▼


Survey Assesses Impact of Data Security Breach

DDJ: With us today is Robert Scott, managing partner at Scott & Scott, a law and technology services firm that focuses on privacy and network security.

Rob, along with the Ponemon Institute, an independent privacy and information management research firm, you recently conducted a survey that examined the business impact of security breaches. What did you learn?

RS: We learned two things that were really surprising. First, despite the frequency of data breach events businesses are still unprepared. They do not have proper security policies in place, they are not taking advantage of encryption technology to protect data, and they are not consulting with legal counsel before responding to an event which could leave them vulnerable to legal liabilities. Second, we learned that businesses believed that data subjects typically suffered little or no actual monetary harm as a result. However, these businesses are required to notify all subjects of a breach regardless of the perceived threat -- a process that can be very damaging to a business’s financial health and reputation. If notification requirements are not providing tangible consumer benefits such as preventing possible future economic harm, then it may be time to reevaluate the requirements.

DDJ: Can you briefly tell us about the survey. Who were the respondents, for instance?

RS: There were a total of 702 respondents including various C-level executives, chief information officers, and a range of IT security professionals in mostly large businesses. The respondent businesses spanned all industries including financial institutions, insurance, retail, professional services, the technology sector, and so on.

DDJ: What practical lessons can be learned from the survey results?

RS: I can’t overstate the importance of encryption technology on all devices containing confidential information. It is the single most effective way to prevent the business risks associated with a data security breach. If information is encrypted not only does it render the data unreadable, but your company may be exempt from costly and damaging notification requirements.

DDJ: Is there a web site that readers can go to for more information on these topics?

RS: A copy of the survey report is available on our web site at

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.