Does Your State Have Data Breach Notification Laws?

Do you understand your state’s data breach notification laws? If not, you’re not alone.

Just 33 percent of SMB decision makers feel “very confident” in their understanding of data breach legality — that’s according to a report released by Software Advice, an IT security software research company, that polled cyber security experts and decision makers from small- to medium-sized businesses throughout the U.S.Just 33 percent of SMB decision makers

According to those experts, that’s troubling. Symantec noted in a recent report that SMBs accounted for 30 percent of all spear phishing attacks in 2013, debunking the mentality among SMB decision makers that they’re not the target.

“At the end of the day, every company is likely to have a data breach of some kind,” Heather Buchta, an e-commerce expert and partner at legal firm Quarles and Brady, said in the study.

While companies across the board are likely to encounter an attempted attack, only 49 percent of SMBs have a data breach response plan. Just 58 percent of SMBs have regular vulnerability assessments, despite data breach regulations in 47 states across the U.S., including Minnesota and Wisconsin.

Adhering to data breach notification regulations isn’t the only headache companies have to deal with following an attack. The public relations fallout from breaches have a drastic impact on customer trust and are likely to lead to lawsuits — a costly consequence for organizations across the board.

“A more informed and active customer base is becoming more litigious when it comes to sensitive or personal data,” Geoff Webb, senior director of solutions strategy at NetIQ, said in the report. “While fines may be a headache, a slew of lawsuits can cause real damage to any business, large or small.”


Do you know where your company’s breach security stands? Find out your COR2 score.