Due to the enforcement of breach disclosure, the public has become more aware of the serious danger their data and privacy face. The public’s reaction to breach announcements is loss of trust in the companies that have been breached. A perfect example of this reaction is Target; it is still losing financially, even though the company has been active in stepping up their security and reassuring the public. We see individuals somewhat reacting to breach news, but what about organizations and the executive team?
Multiple security industry reports show that organizations think their security is in good standing, that measures aren’t being taken to develop a holistic risk management plan, continuous monitoring hasn’t been implemented, and the communication gap between CIOs and the C-Suite is still far from closed. It seems the announcements of breach are falling on deaf ears, which brings us to some bigger questions: Do business leaders really care about privacy? And what level of privacy do they want to offer their customers?
Although customers are not shaming breached businesses as could have been expected, this is no excuse for the non-responsiveness organizations have been demonstrating to security risks. Having breach insurance to cover a lawsuit following the incident isn’t enough, nor should it be. If institutions really care about information security and privacy they shouldn’t be treating it like a checkbox list, it’s more than that.
Even if privacy per se may be somewhat dead due to all information being online and accessible to a wide range of entities, including malicious intruders, organizations still owe it to the people to protect their data and privacy, to make them feel safe. Those individuals who fully understand the risks involved in privacy and data theft are very concerned with how their information is being secured; they probably just don’t know how they can force businesses to increase security. As for those who are not making a big deal about breach, they may just be tuning out the stories due to overload or they don’t fully understanding the impact of a security breach, or they think there is nothing they can do to get organizations to maintain their privacy and data secure.
A business leader does not treat privacy lightly and does not brush off the notion that customers could find themselves in a situation of identity theft that will take years to resolve or in a worse situation ensuing from a breach incident. If you are a CEO, CIO, or executive you have the knowledge of what breach means on a large scale; you also know what it will mean for your business. If you take pride in what you do, you will take action before it’s too late and you will care to protect the privacy of your customers. It comes down to what’s your security “why,” but also what’s your business “why.”
Business executives know what needs to be done, and the daily reminders reinforce that knowledge. The choice of taking privacy and information security seriously and to the next level is up to you.
Photo Courtesy of Carlos Amarillo