The cost of a data breach continues to rise. A recent study conducted by the Ponemon Institute found that the average breach now costs $3.8 million, an increase of 23 percent from two years ago.
As security experts often say, there are two types of companies: those that have been hacked and those that do not yet know they have been hacked.
As part of the IBM Center for Applied Insights’ Business Tech Trends study, involving more than 1400 enterprises, one in ten companies reported experiencing a security crisis in the past 18 months in the areas of mobile, social, cloud or analytics. A crisis was defined as a breach that interrupted business processes or compromised sensitive information.
Interestingly, however, taking a more holistic view of the study participants’ responses showed that not all companies are equally susceptible to these crises. The research also probed into how these companies developed their IT strategies. As it turns out, companies with weak strategy collaboration between IT and business units are twice as likely to experience one of these crises.
This revelation shouldn’t be too surprising. As the dependence on widespread connectivity and accessibility to data grows in every department, security can’t merely be the cherry on top. It’s far too important—security must be baked into every business initiative, considered from the outset by not only the IT leaders but also their line-of-business counterparts. To achieve this level of protection, both sides must collaborate when constructing strategies for new mobile, social, cloud and analytics applications.
The 2014 CISO Assessment: Fortifying for the future drew similar conclusions. In examining the state of security through the eyes of today’s CISOs and security leaders, the study illuminated measures that companies can take to reduce the odds of being that one in ten that must cope with a data breach and the millions of dollars in related costs.
Besides developing strategies in conjunction with key departments such as IT, risk and operations, business leaders should have a running dialogue with their company’s chief privacy officers and general counsels. Additionally, security leaders should be active participants in C-suite meetings, bringing attention to the issues that threaten the business.
They say that a whole is greater than the sum of its parts. This maxim is appropriate in the corporate world, where collaboration among departments might further protect a company’s information, and a lack thereof might expose vulnerabilities.