Most Companies Don’t Care About Your Data Security

Debt.com strives to provide our users with helpful information while remaining unbiased and truthful. We hold our sponsors and partners to the highest industry standards. Once vetted, those sponsors may compensate us for clicks and transactions that occur from a link within this page.

A whole lot of companies get hacked, and they don’t do a whole lot about it.

Half (51 percent) of U.S. executives say they aren’t talking about cybersecurity as much as they should be, says a study from consulting firm Deloitte.^[1] And it doesn’t look like they want to improve their data protection efforts. They only set aside 14 percent of their budgets to expand cybersecurity efforts.

Further, 27 percent of organizations don’t train their workers about data protection and 51 percent of executives feel they aren’t ready to deal with a data breach, says a study from information services company Experian.^[2]

This trend isn’t exactly new. In fact, the problem has persisted for years.

For example, in 2017, 53 percent of U.S. businesses were breached, according to Debt.com’s 2018 Identity Theft Analysis, and businesses still didn’t take the necessary steps to stop future hacks.

Will executives ever learn? We don’t know. But here are some major sectors targeted by hackers and the reasons behind their leaky security.

No organization is above hacking

The information you give Facebook and Target is more than enough for your identity to be snatched. However, you can’t always protect yourself by choosing other places to shop or avoiding social media.

Advertisement

Some cybercriminals have zeroed in on even bigger targets. They can compromise the data security of organizations as large as the U.S. government, banks, and healthcare services — three areas that almost every American has a stake in.

U.S. government and data security

There are 16 essential government services in the U.S. and they’re all at risk for a breach.^[3] These sectors “underpin American society and serve as the backbone of our nation’s economy, security, and health.”

Almost 60 percent of these organizations’ executives say they’re susceptible to security threats, says a poll from cybersecurity company Indegy.

The current presidential administration doesn’t help ease their concerns. Only 26 percent believe the government is ready to protect itself from a cyber attack.

So what’s eating away that confidence? Seventy percent of respondents say U.S data seems less secure because of the increase in cyber attacks. High-profile breaches like those during the 2016 elections and WannaCry have them concerned. ^[4]

Banks and data security

Banks are at the highest risk of fraud, yet more people entrust them with private data.

The Electronic Payments Coalition (EPC) says most consumers are worried about their data getting stolen when they make purchases, regardless of if it’s in person or online. Even though data breaches are increasing, banks are still getting much more trust than retailers.

Banks are warning consumers about fraud much more often, which is helpful considering fraud is skyrocketing right now.

Healthcare and data security

Americans pour their money and information into healthcare by the bucketful. Unfortunately, that sector is at high-risk for a data breach.

A study from solutions company Accenture and the American Medical Association found that 83 percent of physicians had a cybersecurity attack. And nearly three quarters worry future attacks will compromise your digital patient records.

Despite that, Black Book Market Research says 80 percent of healthcare provider organizations don’t have a plan in place for a potential breach. Ninety-two percent of officers in these companies don’t believe cybersecurity is a big deal. So, they don’t have cybersecurity teams.

What contributes to bad data security?

Intel Security surveyed 700 IT professionals at companies in Asia, North America, and South America to assess what kind of threats organizations are experiencing and how to combat them.

The majority say targeted attacks have an easier time infiltrating organizations. That’s because users don’t know about cybersecurity risks.

But there are a number of other factors contributing to the breaches that many companies share…

Low cybersecurity budgets

Nearly 60 percent of security professionals say they don’t have the budget to fight off attacks, says research from Black Hat.

The amount that most companies allocate to cybersecurity from their IT budgets is usually 10 percent or less, which isn’t much, says security company LogRyhthm.

Fifty-seven percent of IT executives say their low budgets make them feel only “moderately comfortable” with their company’s level of consumer data security.

Lackluster budgets are a problem in universities as well. Eighty percent of educational institutions don’t have any software installed in their systems to protect against malware breaches. And almost 3 in 4 schools say money is the top factor in getting proper protection, says security software company Netwrix Corporation.

Low cybersecurity staff

Close to 70 percent of security professionals say they don’t have enough staff to protect against major security breaches, according to research from Black Hat.

On average, companies employ 12 cybersecurity professionals. However, more than half of companies have 10 or less on staff, says a study from LogRhythm. Lack of staffing leaves security decision makers doubtful in their company’s data security.

But institutions can’t hire workers fast enough because potential employees don’t have the basic skills to help fix these issues.

Ninety-three percent of IT security pros are worried about the gap in skills, says a survey from Tripwire, a security software company.  Many believe that the requirements to be a qualified security IT professional have changed in the past two years.

Unqualified and outdated security tools

Three-quarters of security professionals don’t believe that buying all available data security tools will fully protect their organizations, according to Tripwire. On top of that, half say the security tools they bought failed to protect them.

The way cloud stores information today presents another problem. Most companies take advantage of “cloud” computing, which stores data over the internet rather than on a hard drive. But hackers are easily able to nab that information.

Eighty-four percent of companies say that traditional security solutions are either limited or don’t work at all with cloud security, says a study from Cybersecurity Insiders.

This can lead to “ransomware,” which is when a hacker obtains sensitive information and holds it for a money ransom. It costs companies nearly $1 million to correct a ransom incident, says SentinelOne, a security software company.

Data vulnerability due to human error

Forty-seven percent of company data breaches are due to mistakes from a vendor or contractor, says a poll from HSB and consulting firm Munich Re.

Cloud solutions manager Intermedia agrees, saying it’s none other than employees who are the reason for hacks. Their latest Data Vulnerability Report found that 96 percent of workers auto-save their passwords on their work computers. Meanwhile, it’s safer to enter information manually.

Another 24 percent use the same passwords for work and personal accounts. And more than one-third of workers say they store work-related information on personal devices.

Risks are high even after employees leave. Over a third of workers admit they have tapped into materials after leaving a company. It’s even higher among IT workers, where almost half have done so.

There’s not much you can do if your data is in the hands of a business – but there are best practices for damage control. If you’ve had your identity stolen because of a business security breach, visit Debt.com’s How-to page for handling a data breach.