Three Reasons Why Cyber Security Is a Business Issue, Not an IT Issue

By Special Guest
Oren Falkowitz, CEO and co-founder, Area 1 Security
January 19, 2016

By the end of 2015, the top 10 data breaches impacted over 160 million customer records and destroyed more than 3 trillion dollars of market value.  Gone are the days when the responsibility and impact of security could be relegated deep within locked rooms filled with glowing computer screens. The consistent and silent failure of security technologies has placed us in a world where in order to change outcomes, security decisions must be central to business strategy.

Cyber security is among the most pressing challenges of our time.  It’s time for a holistic approach that addresses the human factors, the brand and reputation risks, and the financial damage caused by these incidents. 

Human 

There was a moment when companies believed their users were protected within a strong perimeter. That no longer exists. In a mobile-first, cloud-first world, employees work on corporate applications and access sensitive data from on-premises and cloud-based systems using every type of device. This is a business choice made to improve productivity and achieve efficiency.

While there is an immense opportunity for enterprises and individuals to derive personal and professional value from today’s connected technologies, the fact remains that humans enable 97 percent of breaches.

This is the human element that business leaders must grapple with. Those who have the authority and ability to take action must foresee the risks and challenges that the individuals pose while avoiding a reflexive reaction to hold the same individuals hostage to a host of ineffective educational programs, subtle and overt reprimands and limited capabilities. 

If an organization fails to address cyber security as a business issue it is creating a disconnect that drives a lower rate of attack recognition, as evidenced by Verizon’s findings. The result is also collateral damage in the form of confusion and uncertainty rather than a unified understanding of how to approach cyber security response and preparation for the next attack.

If cyber security were simply an IT problem, implementing new layers of security would be enough to solve the problem. No form of data encryption, no firewall policy, no iron-spiked wall of cyber defense safeguards can account for the carefully orchestrated human cooperation that must take place to secure an organization.

Tangible Financial Damage

There are four ways data breaches impact an organization financially:

  1. The tangible costs for addressing the damage and improving the overall security posture
  2. Regulatory and other fines to be paid post-breach
  3. Punitive or economic liability toward any end consumers who are affected by these breaches
  4. Associated market losses that typically occur when news of these events becomes public

Companies must focus on the tangible costs they incur repairing damage from a breach. Target spent $162 million between 2013 and 2014 to clean up the aftermath of its data breach. Additionally, companies often must pay fines to regulatory bodies. Cox Communications must pay  $595,000 to The Federal Communications Commission (FCC) in fines related to the cable provider’s data breach. Third, breached companies are often responsible for punitive or economic liability toward customers who suffer as a result of the breach. Experian, the entity responsible for the T-Mobile data breach, offered customers two free years of its ProtectMyID service — typically a $15.95 monthly subscription. Finally, many companies’ market caps fall immediately after a cybersecurity breach. TalkTalk’s, the small telecom service provider, stock traded down 30 percent after news of their data breach broke.

Oren Falkowitz, Area 1 Security

Breaches Damage the Brand

In October this year it became public that hackers had stolen personal information from around 15 million T-Mobile customers over the course of two years.  Since the breach T-Mobile’s CEO has issued an apology and the company has dedicated resources to developing breach-related FAQ and resources pages for customers. Three United States senators found the breach important enough they issued a letter to T-Mobile and Experian. The two companies are currently embroiled in a number of class-action lawsuits related to the breach.

Consumers surveyed revealed they would shop less frequently at a retailer after a data breach. Worse, 85 percent would tell others about their experience after a retailer’s data breach — a sign that brand image problems do not stop with those directly affected. Companies must climb a steep hill to repair their brand after cyberattacks jeopardize customer information. Enlisting IT to patch the cracks in the cyber defense wall may help ensure future breaches do not occur. But IT’s network patches will not repair consumer perception of the company in question.

The notion that cyber security is a business problem may only just be an annoying voice in the back of executives’ heads. For many it is still an issue to silo off into a dark corner, to sweep away under IT’s rug. But there is a human reason, a brand reason, a financial reason cyber security is and must continue to be a company-wide mandate, from the C-suite all the way down.

There will always be new threats and new attacks against businesses. Yet companies can take actions today to address security concerns and improve their security postures. These actions, when holistic in nature and led as central to the business, can protect the individual people, shore up company brand reputation and mitigate the resulting financial impact felt as the result of a cyberattack.  




Edited by Kyle Piscioniere


SHARE THIS ARTICLE
Related Articles

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More

After Cisco/Broadsoft, Who's Next for M&A?

By: Doug Mohney    10/27/2017

Cisco's trail of acquisition tears over the decades includes the Flip video camera, Cerent, Scientific Atlantic, Linksys, and a couple of others. The …

Read More