"It used to be expensive to make things public and cheap to make them private. Now it’s expensive to make things private and cheap to make them public." — Clay Shirky
Today, technology is becoming core for any business and companies that are becoming more dependent on their information systems, with threats to public and personal data increasingly more real. To have an edge over their competition and with companies investing heavily on SMAC (Social, Mobile, Analytics & Cloud) and Internet of Things (IoT), they are exposing their business to new forms of information security risks. More often than not, companies have a very reactive approach to security in which there is minimal security strategy in place if none at all.
The following 7 reasons are important to understand and know that no company can afford to ignore security in today’s changing landscape of disruptive innovation with technologies and processes.
#1. Financial losses: Security breaches can lead to business interruptions, which directly impacts the financials of a company. An attack that leads to downtime for a data center can cost businesses nearly $8,000 per minute. Considering that the average downtime for each incident is almost 1.5 hours, companies stand to lose almost $700,000 due to downtime.
#2. Intellectual property theft: Even though companies are becoming better at protecting themselves from an outside threat, the view is that theft of intellectual property more often happens intentionally or inadvertently by the existing employees. Social media is the biggest medium through which free-flowing data leakage could happen. Phishing scams, whereby attackers try to elicit information from individuals, pose a significant threat as well.
#3. Damage to the reputation: In today’s world, reputation risk ranks among companies’ top strategic risks, and security is one of the primary drivers of reputation risk. According to The Reputational Impact of IT Risk:
- 46% of organisations suffered damage to their brand reputation and value, as a result of a security breach and
- 19% of organisations suffered damage to their brand reputation and value, as a result of a third-party security breach.
#4. Fraud: General perception is that fraud happens mainly in banking and online retail shopping but the fact remains that all companies are vulnerable to fraud. Almost all companies use systems for online transactions, which are always vulnerable for attacks where hackers do major fraud. Unfortunately, today there is less protection for recovery of stolen funds under the law for businesses than for consumers, which makes companies more prone.
#5. Extortion: Number of extortion cases are on the rise with extortionist groups threatening companies that their web sites would face a distributed denial-of-service (DDoS) attack if they do not pay ransom. Recent Ashley Madison data breach is an example of how a company can be extorted and the irreversible damage it could cause to the company and its stakeholders.
#6. Loss of shareholder value: Highly publicized data breaches at Sony Pictures, Anthem Insurance, Ashley Madison and other major businesses continue to put loss of shareholder value at high risk. Ashley Madison CEO quit after the data breach, which caused a major loss of shareholder value.
#7. Legal Implications through lawsuits: In recent times, companies have experienced possible damages due to lawsuits from security breaches and the overall loss of customers. The average cost for a legal defense stands at half a million dollars, while the average cost of a settlement reaches seven figures at one million dollars. Again Ashley Madison is a good example of the legal implications affecting the company.
Let us not look back in anger or forward in fear, but around in awareness. — James Thurber
I will be sharing more information on Security including how to strategize and plan for Security, Risk and Compliance. Also sharing how to align Secured Software Development Lifecycle (SDLC) using Agile or Waterfall methodology and how security can be trained, initiated, planned, analyzed, designed, implemented and maintained. Meanwhile let us know if you have any questions or comments. For any questions, please reach out to me at email@example.com.