SANS Institute Survey Casts Light on Data Breach Prevention Practices

Data breaches are costing U.S companies dearly, yet even though organizations have been adopting new data breach prevention practices, data is being accessed and stolen more than ever before. Preventing data breaches has become a priority for many organizations, although there are many barriers which companies struggle to overcome.

According to a recent survey conducted by the SANS Institute, there is a clear disconnect between the identification of the best data breach prevention practices to adopt, and those that are actually used to prevent the improper accessing of sensitive data.

The survey shows that while data breach prevention practices have evolved and cybersecurity technologies are being implemented, many organizations have not done enough to keep their sensitive data secure. 85% of survey respondents said that blocking malware is an important way of preventing data breaches, yet only 40% of respondents said that they had implemented the technology to allow them to do this.

Robust security testing is also essential according to 63% of survey respondents, yet only 39% said that robust security testing occurred at their organization. Metrics-based evaluation and reporting was also considered to be an important preventative strategy by 60% of respondents, yet only 40% said they used evaluation and reporting in their data breach prevention strategies.

Progress is being made to improve cybersecurity protections, but organizations face considerable budgetary constraints. Legacy infrastructures are also stopping many organizations from taking a more proactive stance when it comes to protecting sensitive data.

Organizations are also finding it difficult to recruit and retain the right employees. Many organizations find that their staff simply do not have the necessary data breach prevention skills.

Understanding the best measures to adopt to prevent data breaches is all well and good, but unless those data breach prevention practices are adopted, breaches will continue to occur. The survey results suggest that it is difficult for many IT professionals to communicate the need for security measures to decision makers in their organizations.

Chief security officer, Palo Alto Networks explained that it is now essential for organizations to “adopt a breach prevention-oriented mindset, the combination of next-generation technology, improvements in processes and training, and real-time sharing of threat intelligence.” Only then will it be possible to reduce the number of successful cyberattacks.

As SANS Institute senior analyst Barbara Filkins pointed out, “Many data breaches can be avoided or the impact mitigated, but preventing them continues to be a challenge in the real world.”

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of