Data to Drive Operational Excellence

Benchmarking Privacy Incidents 2020

How does your incident response process stack up?

If there is one constant in privacy, it is data breach notification. When someone gains unauthorized access to personal data, virtually every organization must begin to work through a series of steps that will determine whether data subjects must be notified or whether the risk of harm is sufficiently mitigated to make that step unnecessary.

However, while the experience may be a constant, there is very little benchmarking data by which organizations can understand whether their practices are in line with best practices — until now.

By benchmarking your program against your industry and others, you will better understand where to apply resources or examine your operations.

With this report, we present hard numbers that document reality on the ground.

Here’s a sampling of some findings:

  • A third of all incidents were paper-based in 2019, vs. 61% that were electronic in nature.
  • Only 2% of incidents in the past two years were caused by malicious actors.
  • Less than 1% of incidents involve more than 500 data subjects.
  • The average electronic breach involves more than four jurisdictions.

Download Now >

Why Benchmark?

Data analysis and benchmarking privacy incidents provides data-driven and actionable insights into your organization’s privacy program, making it easier to identify trends and uncover issues important for continuous improvement of your incident response process.

The inaugural Privacy Incident Benchmark Report is the first of its kind – an in-depth analysis of data incidents involving regulated personal information that establishes unique industry-specific breach notification benchmarks.

How long does it take on average to make a notification decision?
How many incidents are actually notifiable after sufficient risk mitigation and a documented and defensible risk assessment?

The report reveals these industry benchmarks, plus many more.

Download the Report Now