Information security is so important for the safety and privacy of sensitive data that some States are going so far as to compel organizations to implement the necessary measures. Because executives are split on whether to truly bring security into the business process, and because a number of CIOs lack the means to implement a holistic risk management posture, a little push has become necessary.

 

Recently, the California Attorney General made it obligatory for companies to hire a chief privacy officer. The actions by the California Attorney General make it clear that if a business is going to be in good standing with its privacy and security practices, it must have an expert working on the premises. The fact that some businesses still don't have a privacy expert on board means security is not part of their business plan either.

 

Although executives may feel this requirement is the State overstepping its bounds, in this case it really isn't something that should be looked at as an imposition. Any business that wishes to grow should have a CIO or CPO in its office, especially when recent studies, the latest by the Ponemon Institute, have shown just how much it costs to fight cybercrime.

 

  • The average business spends $15 million a year battling cybercrime, which is up 20% compared to last year.
  • Furthermore, businesses that allocate sufficient budget for cybersecurity reduce those costs by $2.8 million a year.
  • Also, employment of expert security personnel saves companies $2.1 million a year, and hiring a CISO or similar high-level security leader saves $2.0 million.

 

It should come as no surprise that spending wisely on cybersecurity and having an expert on the matter reduces the costs businesses will face from a breach, whether due to insider threats or outside ones. What is shocking is the need to force businesses to take the right steps and, at the very least, hire someone who can steer them in the right direction when it comes to protecting data.

 

With one State taking the first step by forcing data privacy and security to the forefront of the business process, one can foresee other States following its lead, or at least organizations realizing what they could face if they don't do the same and get serious about information security within their enterprise.

 

Do you have a security expert working with you to ensure you have all it takes to secure your data and enterprise network?

 

Photo courtesy of Mathias Rosenthal