Influencers
Data privacy , a growing strategic initiative Gary Hayslip , CISSP
Vice President & CISO , Webroot Inc .
The aggregation of new threats , laws and consumer activism makes data privacy a strategic initiative for today ’ s businesses to adopt as part of their core business operations .
*** Article originally published by CSO Magazine on January 22nd , 2018 .
January 28 was Data Privacy Day , an international event to create awareness about the importance of respecting privacy , safeguarding data and facilitating trust . In our current dynamic business environment where everything seems to be connected , millions of businesses are unaware of or uninformed about how their personal and business information is being used , collected or shared .
In a study conducted by the Ponemon Institute in September 2017 , there were several alarming statistics around the state of today ’ s businesses being able to protect their sensitive information . These issues paint a picture of the escalating threats that businesses face as many of their security programs and initiatives lag or are static at best .
52 % of respondents reported they had experienced at least one ransomware attack , with over 79 % stating that the ransomware was unleashed due to phishing or social engineering attacks .
54 % of respondents reported that their breach involved sensitive information about customers , employees or business plans , with the average breach now involving over 9,000 records .
Organizations continue to struggle to provide budget , technology , and personnel to manage security – 36 % of respondents reported they are now outsourcing their IT security operations to outside partners .
The toll of a cyber attack is becoming costlier , the impact on the business due to damage / theft is averaging $ 1.2 million and the disruption caused by a cyber-incident is also averaging $ 1.2 million . Examples of these costs include :
cost to forensically recover lost or damaged sensitive information ;
liability costs to the business from lawsuits ( customers , vendors , partners etc .);
cost of fines due to not meeting compliance / regulation requirements or contractual requirements ; and
cost due to the loss of business opportunities from brand damage or loss of data , facilities , etc .
As businesses face the shock of these threats to their operations , they also must be aware that consumers are now more concerned than ever about the security of their private information . Every day , people are beginning to feel the effects of the hyper-connected society we live in where their private data is requested by companies to receive services . In these transactions , consumers assume their private information is being protected . Businesses must be cognizant that consumers are now willing to change their buying behavior and shift brands if they feel a business is at fault for a data breach to their sensitive data .
To help businesses understand this convergence of data privacy and cybersecurity , there are several recommendations they can
4