75% of organisations set fixed time limits for investigating potential security incidents, according to Balabit. However, 44% of respondents reported missing internal or external deadlines for investigating or reporting a breach in the last year, and 7% said a missed deadline had resulted in serious consequences.
Do you have fixed time limits in which you need to investigate a potential incident?
“The Balabit survey identified that the primary reason for not being able to investigate data breaches in time is that organisations still do not understand their own data. It is difficult for them to extract the necessary information from unstructured data with their existing tools and they lack the contextual information that would help transform this data into valuable, actionable information,” said Péter Gyöngyösi, Product Manager of Blindspotter at Balabit.
Reporting obligations will change with new data protection regulations
Today, 30% of organisations do not need to report security incidents to external authorities. These survey results come as organisations are under increasing pressure to prepare for new or updated compliance regulations that require data breaches to be reported within 72 hours.
The EU General Data Protection Regulation, due to come into force in May 2018 (and related to that, the EU-U.S. Privacy Shield), can lead to fines of up to 2% of an organisation's global turnover.
Likewise, a new regulation proposed by the New York Department of Financial Services, Part 500 of Title 23, also requires financial institutions to report data breaches within 72 hours, with severe penalties resulting from a failure to do so.
Are you required to report these incidents to external authorities or other entities within a predefined time limit?
Top pain points in forensics investigations
Balabit also asked survey participants to rank aspects of their current breach investigation processes in terms of importance and satisfaction. The following ranking (in order of dissatisfaction) shows which aspects they are the least satisfied with:
1. Turning data into understandable information.
2. Seeing how users compare to their peers.
3. A single dashboard view of all data sources.
4. Seeing differences between actual user actions and normal baseline.
5. Fast access to data.
6. The ability to perform ad-hoc searches, drilling down to specific events.
7. Easy access to all relevant information.