By Salvatore Stolfo on Mar 27, 2019 6:03:18 PM
As the world grapples with growing consumer privacy concerns and related regulations, combined with daily, costly data breaches, cybersecurity skills are in greater demand than ever. And not just at the IT level. Privacy and security are now a significant factor in the profitability and financial well-being of a company, as well as the larger economy.
I’ve discussed the cost of a data breach at length, most recently in a piece in the ISACA Journal where I pointed out that: “In the United States, the cost of a breach, on average, is a staggering US $3.86 million, up 6.4 percent from the prior year’s analysis. These statistics should be of real concern. And this is just the tangible costs of a breach. This amount does not account for the costs of regulatory fines. Hence, the numbers seen in this report must be considered a lower bound. Other potential costs include expenses associated with litigation, fines for regulatory noncompliance and lost revenue due to customers who leave as a result of a breach.”
Additionally, regulations are no longer letting organizations off the hook for liabilities: “The most vexing aspect of these new regulations is that the liability for data lies with the originating organization. This means that an organization is responsible for the security of that data regardless of with whom the data are shared and how the data are handled once they are outside of the originating organization’s control.”
If there is one thing corporations hate, it’s losing money. Investors hate it even more. And history shows us that the IT industry is considered key to sustained economic growth. Here is an economist's view in a 2001 paper: "The resurgence of the American economy since 1995 has outrun all but the most optimistic expectations. Economic forecasting models have been seriously off track and growth projections have been revised to reflect a more sanguine outlook only recently. It is not surprising that the unusual combination of more rapid growth and slower inflation in the 1990's has touched off a strenuous debate among economists about whether improvements in America's economic performance can be sustained.
The starting point for the economic debate is the thesis that the 1990's are a mirror image of the 1970's, when an unfavorable series of "supply shocks" led to stagflation -- slower growth and higher inflation. In this view, the development of information technology (IT) is one of a series of positive, but temporary, shocks. The competing perspective is that IT has produced a fundamental change in the U.S. economy, leading to a permanent improvement in growth prospects."
This trend continued, as outlined in this more recent assessment of the “technology economy”: “...given the fast-paced emergence of disruptive products and business models, as well as the transformative power of digital technologies on business and society, executives must become masters of the global “technology economy”, being capable of detecting the economic impact of such fast technological changes and respond with similar speed and foresight.”
It is no wonder Congress considers that the economy’s dependency on IT demands regulations to ensure IT is kept safe by all major US corporations, as seen in the recent introduction of a bill that would require public firms to disclose cybersecurity expertise in leadership. According to the article, the press release announcing this initiative cited a study from the Identity Theft Resource Center that found a 126 percent rise in data breaches that exposed records containing personally identifiable information. This rise took place across all industries, from 197.6 million in 2017 to 446.5 million in 2018.
Other high-profile insider threats (https://www.darkreading.com/informationweek-home/tesla-employee-steals-sabotages-company-data/d/d-id/1332098) were reported in which core company intellectual property was lost through employee malfeasance. Company boards clearly should be very concerned that cyber attacks could see the company’s core assets lost with a few keystrokes. It is imperative that these boards have the depth of knowledge to ensure their companies are operating to protect their IT infrastructure with state-of-the-art measures.
This is an unsustainable trend that must be addressed at the highest levels of business and government. Echoing this sentiment, Rep. Jim Himes of Connecticut said: “Publicly traded companies should have an obligation to let their shareholders know how they are addressing these serious threats or explain why they are not taking measures to counter attacks. Billions of dollars of American wealth are at risk, and I am tired of seeing American companies play catchup against our geopolitical rivals or lone-wolf threats.”
Is your leadership taking cybersecurity seriously enough? Now might be a good time to take stock...to protect stock.