Scandalous pictures of the latest superstar are the type of privacy breach that makes headlines, but it is the lack of risk management toward other, less scintillating, breaches that is truly scandalous.
Privacy breaches can happen anytime, anywhere, whether tweeted, YouTube(d), Facebooked or even through old-school technologies like laptops or paper files (oh the humanity!).
So how about this headline I ran across? "Digital photocopiers loaded with secrets." A CBS News exposé found some alarming things, ranging from detailed domestic violence complaints and a list of wanted sex offenders to 300 pages of individual medical records, all from used copy machines.
The point is, just when you think you have cyber issues under your thumb and in control, you find there's a lot more lying under your nose! And here I thought the only breach that might happen at a copy machine is when I print off a document (double-sided), forget to pick it up (often), and then someone else grabs it (unintentionally, of course).
Everyone has a security and privacy risk. We're now born with it. And it is not becoming a serious issue - it already is. In 2009, according to the Open Security Foundation, there were 554 data breach incidents reported affecting a staggering 220 million records! - that means one record for every 1.36 people in the United States.
Just as stunning are the costs. The average cost of a data breach rose to $204 per record in 2009, according to the Ponemon Institute's 2009 Annual Study: Cost of a Data Breach. The average organizational cost per breach was $6.75 million. The least expensive breach in their survey? $750,000.
This is not nano-sized stuff. It is a huge exposure, and yet very few firms are addressing that risk by buying security and privacy insurance. Some firms understand the risk and want to absorb the cost of risk - that is perfectly reasonable. The reality, however, is that most firms do not know the risks and are ill-prepared to handle such a costly event. The most common excuse I hear is "they will buy it when claims start coming in." What, are 220 million records not enough real-life occurrences?
What are you seeing out there? Is there a generational gap amongst customers - i.e., younger risk managers are more understanding of the risk? Does the level of e-risk savviness vary by customer industry?
It's a brave new world out there, and will we be brave enough to proactively help our clients secure themselves from this issue?
