As you’ll have no doubt seen, we recently launched our new Data Threat Report. In partnership with 451 Research, we analysed survey responses from senior security executives around the world in order to better understand how data security risks are identified and managed in organisations today.
You can read a summary of the findings here, but one of the most interesting findings from a UK perspective concerns spending drivers and reasons for protecting data. Compliance came out as the primary influence on spend, while reputation and brand protection were the top reasons for protecting sensitive data. There's a definite disconnect.
We know by now that compliance does not, and cannot, equate to perfect security – for we also know that many firms affected by breaches are perfectly compliant with any number of rigorous mandates. A weakness of compliance regimes is that they are drawn up and laid down in law as a point of reference. The rules don’t change, but technology does. Placing too much confidence in compliance laws as a protection strategy can be seen as something of a fool’s errand.
Of course compliance is essential and provides, at the very least, a framework for protection, but it is little wonder that factors such as brand reputation and ‘best practices’ have become of equal or greater importance when evaluating the value of investing in security measures.
It’s easy to say that a breach will have a negative impact on a brand, but the TalkTalk breach from October last year has been quantified, making for some unpleasant reading. If a breach could cost your organisation 30 percent of its share price, evaluating security spending can become a much simpler affair.