Cybersecurity Insight

A Security Breach Affects 4 in 5 Healthcare Institutions

12 Feb

A recent report by KPMG surveyed 223 senior IT and security executives from different healthcare organizations and institutions and found that 81% of those questioned – all of whom claimed more than $500M in annual revenues – experienced a security breach in the last two years. In other words, four out of every five people surveyed had experienced a security breach of some kind since 2014.

More unsettling was the number of participants who said they weren’t prepared for a security breach: 66% of insurance executives and approximately 53% of hospital executives admitted as much. Two other unfortunate statistics: 13% experienced more than one cyberattack a day at their organization, and 16% said they could not detect an attack in real time.

Some other key facts found in the report:

  • 15% do not have a leader with responsibility for information security
  • 23% said they do not have a security operations center to detect threats
  • 55% said they have trouble finding staff for their security positions
  • 86% have increased cyber security spending
  • 85% have discussed cyber security in the past year

The survey findings highlight concern about the number of attacks and the low level of detection and prevention, along with increased awareness of cyber security. Furthermore, it’s disconcerting to watch the relationship between the increased number of cyber threats and the limited ability to handle them, though these organizations seem to be making a bold effort to increase security (financially at least).

Though spending has increased from previous levels, the numbers are well below what they should be. Many organizations spend so little on information security in the first place that, even if the expenditure doubled, it may still fall behind many other organizations’ levels. And while we can’t necessarily expect 100% of these organizations to do things perfectly, we should expect more as a whole. These healthcare organizations and insurance companies hold very private information, and their actions aren’t showing that they take this responsibility to heart.

It will be interesting to see the trends these kinds of surveys show over the next few years. Cyber attacks and security breaches aren’t necessarily new, but they are becoming bigger problems at a quicker rate. Plus, it’s difficult for large organizations to be agile when it comes to changing and implementing policies and bringing on new staff quickly.

Of course, we can’t make excuses for these organizations. We can only assert that they need to do something about the holes in their security tiers, whether that’s starting with a cyber security audit, hiring more staff, or simply addressing their compliance standards. Fortunately, there are expert cyber security professionals out there to help along the way if your company is not equipped to handle the added IT workload.