There’s a direct correlation between a company’s poor privacy practices and the likelihood of a data breach, according to a report from the data privacy platform Osano, The Osano Data Privacy and Data Breach Link. The report dubs it a “predictive relationship” tying together responsible privacy practices and security outcomes. Businesses with poor privacy practices are 80% more apt to experience a data breach. This was no better illustrated last week, when 130 Twitter accounts were exposed, including those of the democratic presidential nominee Joe Biden and entertainment mogul Kanye West. The fallout: Twitter now has a “very poor” Osano privacy score.
SEE: SSL Certificate Best Practices Policy (TechRepublic Premium)
Osano’s privacy score was developed as a response to the increasingly challenging landscape of data privacy. The evaluation measured the privacy practices of 11,000 websites against 163 factors. The benchmark for privacy performance included if commerce is involved, if shares or licenses data is provided to third parties or affiliates or if a company willfully collects data on children younger than 13.
In the last 15 years, 2.77% of companies reported a data breach.
Worst privacy scorers are also the least likely to be able, in retrospect, to identify the root of the breach. The highest number of data breaches were from hacker attacks, and financial industries were the most likely of businesses to be caused by inside or within-the-company jobs.
Governments are not only most likely to be breached, but have the lowest scores. Education and government websites are 15 times more likely to experience a breach than commercial websites. Nearly 30% of sites with .gov or .edu domains have suffered data breaches.
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
“In the face of nonstop breaches and increased data security awareness, consumer and shareholder confidence in businesses is slowly eroding. Businesses that fail to protect sensitive data will face serious negative consequences, and the report proves just how these phenomena move hand-in-hand,” said Osano co-founder and CEO Arlo Gilbert, in a press release. “There is a perception that privacy issues are akin to a speeding ticket–a risk worth running. Companies that don’t change their perception are facing higher odds of experiencing a data breach and losing the trust they’ve built with their customers.”
The Osano report found that there are many causes for data breaches and low Osano privacy scores including:
- Willful ignorance
- Oversight of privacy best practices that increase risk exposure
- Company culture
- Third-party vendors
The average business shares data with 750 different vendors, and third parties were deemed responsible for two of every three data breaches.
The key trends Osano identified were:
- The growing challenges of changing vendor policies and notifications,
- The more public awareness and subsequent concern over data privacy, and
- The increasing legislative activity, which directly relates to data security.
The bottom line is for companies to avoid data breaches, they need to adopt the practices of the top scorers from Osano’s report and have a profound understanding that companies with insufficient policies and poor privacy protections are much more likely to experience accidental disclosures, hacking attacks, and other data-related incidents.