Today, cybercriminals are working around the clock to create and deploy new threats as fast as companies can react to them. Hacking and theft of intellectual property is becoming more prevalent and costly. Unfortunately, while threats are on an upswing, it has been reported that corporate spending on cyber-protection has decreased. According to the “Global State of Information Security Survey 2015” conducted by PricewaterhouseCoopers, respondents in 2014 reported that the number of detected incidents soared to a total of 42.8 million, or a 48 percent leap over 2013, with financial losses increasing 34 percent over 2013. Security spending actually declined last year, reversing a three-year trend. The average information security budget dipped to $4.1 million in 2014, down four percent from the $4.3 million average spend in 2013. In order to maximize the chances of repelling an attack, it is incumbent upon organizational leaders to focus on staying ahead of the curve.
Elevating the security of an organization must first acknowledge the fact that it is not just an IT function. Because a data breach can be so devastating, all functional areas within a company must be intimately involved. Compliance with legal and regulatory requirements along with their accompanying fines is one thing. Loss of credibility, loss of trust and destruction of a firm's brand are other potential repercussions that reach far beyond the IT department. The average cost to a company for a data breach was $3.5 million in 2013, according to the “2014 Cost of Data Breach Study: Global Analysis” by Ponemon Institute. Target's brand lost $1 billion in value after its hacking incident was made public, including a 35-point reduction in value of its brand on the Brand Index scale days after the attack.
This should be a concern to all organizations, large and small. If large corporations such as retail entities or banks are being breached with relative ease, how much more vulnerable is the average company? Here are four commonly overlooked areas that companies can examine to immediately raise their security profile.
First, don't overlook internal threats. The people you trust the most may be misappropriating sensitive data for their personal gain. Organizations face the challenging task of balancing openness and trust with privacy and protection. Yet a data breach could be one USB drive or misplaced laptop away from occurring. Ensure that part of the onboarding process for new hires includes detailed information on the company's security policies, along with the potential repercussions for violating them. Most just sign the obligatory compliance form and forget, consider having reminders a regular part of annual performance reviews.