The survey shows:
- 43 percent of organizations have a defined information security budget;
- 69 percent of organizations devote 3 percent or less of their IT budgets to information security;
- 65 percent do not have a portion of their IT budget specifically allocated for information breach detection, response and notification costs;
- 40 percent don't yet have a documented information security strategy in place;
- 43 percent grade their ability to counter external and internal information security threats as poor, failing or in need of improvement.
In recent weeks, class action lawsuits have been filed in response to several major health information breaches (see: More Breach Class Action Lawsuits Filed).
The recent surge in class action lawsuits is yet another compelling reason for organizations to make necessary investments in privacy and security safeguards.
The lawsuits, which are seeking many billions of dollars for failure to adequately protect patient information, provide yet another reason to ramp up information security efforts, especially investments in technologies, such as encryption, that can have a major impact on breach prevention.
"The recent surge in class action lawsuits is yet another compelling reason for organizations to make necessary investments in privacy and security safeguards," says Adam Greene, a partner at the Washington law firm Davis Wright Tremaine who formerly worked at the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA. "Whether or not a class action suit is successful, defending such a suit represents a significant drain of time and money and ensures unwelcome headlines. Additionally, if one of these suits succeeded in court, the damages could be staggering, and the precedent could have a huge impact across the industry."
So when the time comes to prepare your IT budget, have the headlines about class action lawsuits handy to show those who hold the purse strings.