Do economic factors really trump everything we do?
I wrote a blog last week while attending the IASA conference and I quoted someone who claimed that when it comes to security concerns in the cloud—and he was speaking only of the cloud—the economics of storing your data in a public cloud trumps security concerns.
I understand where he was coming from. How much security is too much? Or, just enough? The answer is impossible to discern unless an incident occurs. When your systems or your data are attacked, I doubt that anyone would argue they have too much invested in security.
It has always intrigued me that the insurance industry—which looks to both protect its customers from risk and manage its own amount of risk exposure—still battles over investment in security. Security isn’t like fraud, where the old line of “the cost of doing business” was used by many carriers who had no strategy for dealing with claims fraud.
The cost of a security breach and the damage to a company’s reputation when private information is exposed to outsiders is even more monumental than fraud. In fact, a recent study conducted by AIG showed that the greater worry for those on the wrong end of a security breach may be loss of trust in your brand rather than direct financial damage. The loss of reputation can lead to a long-term erosion of a company’s market share.
There are a number of tools and methods for protecting your data, but the key to any security issue involves just one word: vigilance. Companies that believe a security system alone can keep hackers out of your systems are not fully prepared for what can happen to them.
Tracking the software and vulnerabilities is the only way that a good security system can do its job. But even all the steps in the world can’t save you when someone slips up and makes a mistake, exposing your data to the wrong people.
That’s when companies are looking around for their own trump card to save them and at that point it will be too late to throw money at the problem.