Canadian Underwriter
Feature

Security Check


February 1, 2015   by Willie Wong, Security Leader, IBM Canada


Print this page Share

Guess what percentage of Canadians report being concerned about losing their financial or personal information held electronically by organizations? 10%? 30% 50%? Whatever the percentage, most individuals likely would not have guessed 81%.

That at least was the result of a Vision Critical survey, conducted late last year on behalf of IBM Canada, designed to evaluate awareness of data insecurity. Decision-makers of all types of businesses and organizations, even those who until now felt data insecurity would not touch their businesses, would be well-advised to heed the results and take a hard look at the potential bottom-line impact that a breach could have.

NOT NECESSARILY INFORMED

Interestingly, the survey of a random selection of 1,500 people showed that while 81% of respondents are somewhat or very concerned about their data being stolen, only 61% feel somewhat or very knowledgeable about data risks.

And, alarmingly, one-third of those polled are not aware of any incidents in the last two years where personal data was jeopardized, including within the institutions with which they deal personally.

That is a key statistic in light of the fact that some Canadian organizations have experienced significant downtime as a result of natural and man-made disasters, or security breaches. If the almost daily news reports of breaches occurring are an accurate picture of what is happening, the survey results are a clear indicator that more work needs to be done to educate Canadians regarding the value of data security.

WILLINGNESS TO SWITCH

Perhaps the most valuable information from the survey for organizations – and for underwriters – is that the lion’s share of polled Canadians, 86%, are somewhat or very likely to switch to a new organization if their personal or financial information is lost.

With breaches seemingly becoming all too common, and customers reporting that they are prepared to switch organizations, senior management cannot afford to ignore the value of protecting the data with which they have been entrusted.

Organizations face not only direct costs of the breach, but also hits to their reputations as well. The average length of downtime continues to be in the range of 3.5 to 4 hours, although associated costs are climbing.

For large businesses, those with 1,000-plus employees, the average cost of a data breach totals more than $2.5 million, note figures in the IBM 2014 Reputational Risk Study.

Overall, the average cost of a security breach is $11.6 million and can take as long as eight months to detect. In that time, customer confidence is lost and there is a significant possibility that it will never return. How will an organization rebound if, in fact, it ever does?

If organizations do not have the proper tools to figure out, first, if a breach occurred, and, second, how that breach occurred, it is not likely those organizations will be able to respond properly. And the accuracy of information, and how quickly it is available, is key to being able to control the situation.

That means data security must be looked at as a business investment.

RETURN ON SECURITY

Given the current environment, what is the return on investment (ROI) of insecurity? Some sectors may still be under the mistaken impression that the need to increase security does not include them. However, almost every type of industry or institution would experience pressure if personal data was breached, forcing a management shuffle or loss of reputation as a result of negative media coverage.

Some managers continue to rely on the old ways of safeguarding themselves from cyber threats, an approach that is clearly no longer good enough. With breaches becoming common, and customers ready to switch organizations, businesses cannot afford to ignore the value of securing the data.

In the absence of failing to address issues head-on, the situation will only continue to worsen.

The survey results show that with age, the number of people who report being very concerned goes up (three in 10 18- to 34-year-olds say they are very concerned compared to half of respondents 55 years and older).

The finding could indicate that age is a factor in the level of concern over personal data, which could possibly relate to having grown up with instant data as opposed to not having done so.

Additionally the survey shows that more than one-third of respondents feel they are not very or not at all knowledgeable about the risks of data security in organizations.

Traditional security technologies lack the sophisticated capabilities and visibility required to detect and protect against such attacks. At best, they solve a single facet of the problem.

Further, it must be acknowledged that many cyber criminals are skilled and patient enough to monitor an organization’s network over months or years, perhaps eventually seizing on an opportunity to steal sensitive information assets – intellectual property, credit card numbers and customer databases, among these – commit fraud or otherwise damage the organization.

TAKING PROTECTIVE MEASURES

So what should an organization do? It is essential that businesses make it a priority to put risk mitigation plans in place to ensure they are prepared in the event of a breach? Analyst reports and industry facts indicate that it is likely a security breach and/or availability issue will occur at a particular organization at some point in the future.

Organizations also need to consult a trusted security expert and put in place a plan to ensure ROI regarding data protection is a solid one. They must never be lulled into believing enough has been done to prevent every situation.

As such, businesses are advised to use the following five fundamental security principles:

•increase the security IQ of every employee;

•respond to incidents more quickly;

•safeguard cloud and mobile since that is where most organizational data is located;

•protect priority data since not all data has the same value; and

•leverage security intelligence as analytics provides threat insights.

It is imperative that businesses and organizations seek data security advice. It is not a matter of if, but rather when, a breach will happen.

The survey results offer security providers significant value with regard to Canadians’ overall awareness and attitudes related to the loss or theft of personal and/or financial information held electronically by organizations. There is clearly an opportunity to educate Canadians and Canadian organizations about the risks of data insecurity.

Delivering secure, reliable and flexible access to information is a key challenge many organizations face today.

Having a well-constructed approach to security to avoid data being compromised and costly security breaches from resulting is the best way to maintain customer loyalty and protect an organization’s brand.


Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *

*