CORPORATE EXECS NEED TO KNOW THEIR BUSINESS RISK
With technology so entrenched in every aspect of business, one would be surprised to learn how little executives are prepared to cope with the risk and challenges it creates.

Despite the barrage of data breach disclosures being published and the negative impact in terms of cost expenditures and reputation, few companies have taken the appropriate steps to prevent a data breach or have an effective incident response plan in place for dealing with an incident should one occur.

According to Larry Ponemon, founder and chairman of the Ponemon Institute, and past guest of The Watchdog Report, “When it comes to delivering the needed compliance measures within organizations, there is a big disconnect between the IT security leader or the CIO, the CEO, and the board. A lot of folks in the IT world have a difficult time providing the ROI or value proposition of what they do until there is a problem. Then when a breach does happen, you get believers pretty quickly along with the resources to do compliance the right way.” Larry also pointed out that unfortunately, more often than not, if a disaster isn't happening, there is a general complacency that prevents an organization from funding preventative measures.

A recent national study independently conducted by the Ponemon Institute, and commissioned by Scott & Scott, LLP, a law and technology services firm, surveyed 702 US-based C-level executives, managers, and IT security officers in mid-size to large businesses spanning various industries. The survey entitled “The Business Impact of Data Breach” concludes that 85% of organizations surveyed experienced a data breach event and more than 57% of those respondents said they did not have an incident response plan in place.

The most significant finding from the survey was that 46% of respondents failed to implement encryption solutions even after suffering a data breach. The purchase of e-mail encryption solutions are estimated to take off this year just as laptop encryption significantly increased last year. Yet, still too many companies are slow to deploy this technology even though it is currently the single most effective way to secure sensitive

corporate and customer data. Under most privacy statutes, if data is protected with encryption the business is free from notification requirements. Encryption technology is relatively inexpensive and certainly outweighs the impact associated with a data security breach.

Executives need to take the reins of their company security and drive the proper policies and controls to mitigate and prepare for the legal, regulatory, and financial risks associated with a security failure. “In order to reduce a company's risk, they must stop being reactive and start being strategic,” said Larry Ponemon. “They have to look at security as an eco system in much the same way one looks at environment. Contingency planning, being proactive, and having a plan and sticking to it is going to be very important for companies,” he added.

---

UPCOMING INFORMATION SECURITY BRIEFING FEATURING FBI CYBERCRIME KEYNOTE
On September 20, NCX Group will be conducting its yearly Information Security Executive Briefing in Santa Ana, California. The keynote speaker is an FBI Special Agent from the Orange County FBI Cybercrime division. He will bring businesses up to date on how hackers are accessing systems, and the methods and tools being used to accomplish their scheme.

Mike Fitzpatrick, president and CEO of NCX Group, will speak on security compliance legislation and how non compliance increases your business risk.

The Information Security Executive Briefing is a free event. Enter here to register and learn more. We look forward to seeing you there.

---

NCX Group, Inc.
5000 Birch Street, West Tower, Suite 3000
Newport Beach, CA 92660
888-448-5451