Three Reasons Why Cyber Security Is a Business Issue, Not an IT Issue

By

By the end of 2015, the top 10 data breaches impacted over 160 million customer records and destroyed more than 3 trillion dollars of market value.  Gone are the days when the responsibility and impact of security could be relegated deep within locked rooms filled with glowing computer screens. The consistent and silent failure of security technologies has placed us in a world where in order to change outcomes, security decisions must be central to business strategy.

Cyber security is among the most pressing challenges of our time.  It’s time for a holistic approach that addresses the human factors, the brand and reputation risks, and the financial damage caused by these incidents. 

Human 

There was a moment when companies believed their users were protected within a strong perimeter. That no longer exists. In a mobile-first, cloud-first world, employees work on corporate applications and access sensitive data from on-premises and cloud-based systems using every type of device. This is a business choice made to improve productivity and achieve efficiency.

While there is an immense opportunity for enterprises and individuals to derive personal and professional value from today’s connected technologies, the fact remains that humans enable 97 percent of breaches.

This is the human element that business leaders must grapple with. Those who have the authority and ability to take action must foresee the risks and challenges that the individuals pose while avoiding a reflexive reaction to hold the same individuals hostage to a host of ineffective educational programs, subtle and overt reprimands and limited capabilities. 

If an organization fails to address cyber security as a business issue it is creating a disconnect that drives a lower rate of attack recognition, as evidenced by Verizon’s findings. The result is also collateral damage in the form of confusion and uncertainty rather than a unified understanding of how to approach cyber security response and preparation for the next attack.

If cyber security were simply an IT problem, implementing new layers of security would be enough to solve the problem. No form of data encryption, no firewall policy, no iron-spiked wall of cyber defense safeguards can account for the carefully orchestrated human cooperation that must take place to secure an organization.

Tangible Financial Damage

There are four ways data breaches impact an organization financially:

  1. The tangible costs for addressing the damage and improving the overall security posture
  2. Regulatory and other fines to be paid post-breach
  3. Punitive or economic liability toward any end consumers who are affected by these breaches
  4. Associated market losses that typically occur when news of these events becomes public

Companies must focus on the tangible costs they incur repairing damage from a breach. Target spent $162 million between 2013 and 2014 to clean up the aftermath of its data breach. Additionally, companies often must pay fines to regulatory bodies. Cox Communications must pay  $595,000 to The Federal Communications Commission (FCC) in fines related to the cable provider’s data breach. Third, breached companies are often responsible for punitive or economic liability toward customers who suffer as a result of the breach. Experian, the entity responsible for the T-Mobile data breach, offered customers two free years of its ProtectMyID service — typically a $15.95 monthly subscription. Finally, many companies’ market caps fall immediately after a cybersecurity breach. TalkTalk’s, the small telecom service provider, stock traded down 30 percent after news of their data breach broke.

Oren Falkowitz, Area 1 Security

Breaches Damage the Brand

In October this year it became public that hackers had stolen personal information from around 15 million T-Mobile customers over the course of two years.  Since the breach T-Mobile’s CEO has issued an apology and the company has dedicated resources to developing breach-related FAQ and resources pages for customers. Three United States senators found the breach important enough they issued a letter to T-Mobile and Experian. The two companies are currently embroiled in a number of class-action lawsuits related to the breach.

Consumers surveyed revealed they would shop less frequently at a retailer after a data breach. Worse, 85 percent would tell others about their experience after a retailer’s data breach — a sign that brand image problems do not stop with those directly affected. Companies must climb a steep hill to repair their brand after cyberattacks jeopardize customer information. Enlisting IT to patch the cracks in the cyber defense wall may help ensure future breaches do not occur. But IT’s network patches will not repair consumer perception of the company in question.

The notion that cyber security is a business problem may only just be an annoying voice in the back of executives’ heads. For many it is still an issue to silo off into a dark corner, to sweep away under IT’s rug. But there is a human reason, a brand reason, a financial reason cyber security is and must continue to be a company-wide mandate, from the C-suite all the way down.

There will always be new threats and new attacks against businesses. Yet companies can take actions today to address security concerns and improve their security postures. These actions, when holistic in nature and led as central to the business, can protect the individual people, shore up company brand reputation and mitigate the resulting financial impact felt as the result of a cyberattack.  




Edited by Kyle Piscioniere
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

How to Protect Your Website From LDAP Injection Attacks

By: Contributing Writer    3/12/2024

Prevent LDAP injection attacks with regular testing, limiting access privileges, sanitizing user input, and applying the proper encoding functions.

Read More

Azure Cost Optimization: 5 Things You Can Do to Save on Azure

By: Contributing Writer    3/7/2024

Azure cost optimization is the process of managing and reducing the overall cost of using Azure. It involves understanding the resources you're using,…

Read More

Massive Meta Apps and Services Outage Impacts Users Worldwide

By: Alex Passett    3/5/2024

Meta's suite of apps and services are experiencing major global outages on Super Tuesday 2024.

Read More

The Role of Technology in Shaping the Future of Affiliate Marketing

By: Contributing Writer    3/5/2024

In the current rapidly growing digital world, affiliate marketing is still one of the most effective ways for businesses to increase their visibility …

Read More

The Steps You Can Take To Improve Customer Service For Your Business

By: Contributing Writer    3/5/2024

When you're in a competitive market, providing exceptional customer service is crucial for the success and growth of your business. Good customer serv…

Read More