Influencers
Data privacy, a growing strategic initiative Gary Hayslip, CISSP
Vice President & CISO, Webroot Inc.
The aggregation of new threats, laws and consumer activism makes data privacy a strategic initiative for today’ s businesses to adopt as part of their core business operations.
*** Article originally published by CSO Magazine on January 22nd, 2018.
January 28 was Data Privacy Day, an international event to create awareness about the importance of respecting privacy, safeguarding data and facilitating trust. In our current dynamic business environment where everything seems to be connected, millions of businesses are unaware of or uninformed about how their personal and business information is being used, collected or shared.
In a study conducted by the Ponemon Institute in September 2017, there were several alarming statistics around the state of today’ s businesses being able to protect their sensitive information. These issues paint a picture of the escalating threats that businesses face as many of their security programs and initiatives lag or are static at best.
52 % of respondents reported they had experienced at least one ransomware attack, with over 79 % stating that the ransomware was unleashed due to phishing or social engineering attacks.
54 % of respondents reported that their breach involved sensitive information about customers, employees or business plans, with the average breach now involving over 9,000 records.
Organizations continue to struggle to provide budget, technology, and personnel to manage security – 36 % of respondents reported they are now outsourcing their IT security operations to outside partners.
The toll of a cyber attack is becoming costlier, the impact on the business due to damage / theft is averaging $ 1.2 million and the disruption caused by a cyber-incident is also averaging $ 1.2 million. Examples of these costs include:
cost to forensically recover lost or damaged sensitive information;
liability costs to the business from lawsuits( customers, vendors, partners etc.);
cost of fines due to not meeting compliance / regulation requirements or contractual requirements; and
cost due to the loss of business opportunities from brand damage or loss of data, facilities, etc.
As businesses face the shock of these threats to their operations, they also must be aware that consumers are now more concerned than ever about the security of their private information. Every day, people are beginning to feel the effects of the hyper-connected society we live in where their private data is requested by companies to receive services. In these transactions, consumers assume their private information is being protected. Businesses must be cognizant that consumers are now willing to change their buying behavior and shift brands if they feel a business is at fault for a data breach to their sensitive data.
To help businesses understand this convergence of data privacy and cybersecurity, there are several recommendations they can
4