Companies are under cyberattack, and many of them are being caught off guard when a data breach occurs. More than half of small and midsize businesses (SMBs) don't have an appropriate breach response plan currently in place, according to a survey from Software Advice.
There are 47 states with breach notification laws that force companies to disclose data breaches when personal information is impacted. However, just 33 percent of SMB decision makers feel "very confident" they understand their state laws regarding breach notification - and it remains a confusing matter.
"Most of the time, when [valuable] information leaks out of a company, it is instantly being monetized on underground forums," said Bogdan Botezatu, senior e-threat analyst of the Bitdefender antivirus firm. This data can be moved quickly, as cybercriminals tend to want to exploit data before changes are made - and companies must inform their clients and customers promptly.
The federal government wants increased cooperation between corporations and the government regarding cybersecurity - but many SMBs are still left to fend for themselves. Data breaches sometimes prove to be catastrophic, and companies without data breach plans, tend to focus more on internal operations more than public disclosures.