Our research has shown that the most important criterion for an organisation to feel well protected is not the size of the budget allocated to security or the specific technical platform, but good governance and oversight.
• Budget doesn’t increase confidence
• Board buy-in is key to making a CIO feel confident about security
• This, we found, can be achieved by good governance
The cost of a data breach can be disastrous for any organisation. In 2015, we saw TalkTalk breached for the second (but possibly third) time within a year, compromising 157,000 personal records and costing the company an estimated £60m as well as the loss of over 100,000 customers (itpro). However, the irreparable damage done to the company’s brand and the steady flow of customers still jumping ship, with 126,000 customers switching away from the provider in the first three months of this year (theregister), leave the organisation in a difficult position.
The most high-profile hack of 2015 was of course that of the ‘meetup’ website, Ashley Madison, from which 30m users’ information was stolen and then published online. The hack could cost the parent company, Avid Life Media, £1.2bn in the UK alone according to the law firm Pinsent Masons, while the company already faces a $576m class-action lawsuit in the US. Along with a huge dent to its finances, the hack has delivered irreparable reputational damage.
Other notable attacks of the year include the one on Anthem, one of the US’s largest health insurance providers, which lost nearly 80m records, while Target settled for $39m after a data breach affecting several US banks and 40m customer records.
The rise of ransomware, the possibility of malware moving from end-point targets into the cloud, and the Internet of Things (IoT) introducing a whole new frontier of vulnerabilities make 2016 and beyond a volatile prospect for companies in any sector.