US Homeland Security Secretary Jeh Johnson recently spoke at a conference at the Center for Strategic and International Studies (CSIS) about the challenges of cybersecurity as they affect the federal civilian .gov world. In his speech, Secretary Johnson stressed the importance of passing new cybersecurity legislation to improve data sharing when breaches occur. Indeed, his speech would go one step further to incentivize organizations to report non-breach security incidents.
The US Office of Personnel Management (OPM) recently released details about two cybersecurity incidents that impacted the data of Federal employees, contractors and others. In April 2015, it was discovered that the security incident led to the breach of data belonging to 4.2 million current and former employees. While investigating this incident, it was discovered the breach was larger than originally thought.
According to research conducted by Arlington Research on behalf of Acronis, as many as 40% of UK organizations have no security policies in place to prevent employees from accessing or sharing sensitive data, which is a problem given the 60% who also report using personal devices at work.
The Information Commissioner’s Office (ICO) recently released its Annual Report 2014/15, which reflects the organization’s activities for the year, including those related to data privacy. In 2014/15 the ICO received 14,268 data protection concerns, with 46% of concerns relating to the disclosure of data. This number has no direct correlation to the actual number of people affected by data breaches within the year, but the report nonetheless gives insight into areas of public concern.
The Ponemon Institute earlier this year noted that the average cost of a data breach per organization is now $3.79 million, a cost which has been rising year over year. New research from Juniper Research suggests that the global cost of data breaches will reach $2.1 trillion by 2019. The global cost estimate is set to increase to almost four times the estimated cost for 2015. Juniper estimates the average cost per organization will exceed $150 million by 2020.
There is an assumption that data breaches only affect larger organizations. Many small and medium-sized business (SMB) owners believe nobody would be “interested” in their small business. This belief comes at a cost. The recently released Harper Midsize Business Monitor for 2014 shows that 43% of midsize businesses suffered a data breach in the past 3 years.
Millennials are the single largest generation in the US workforce; in 10 years this age cohort will account for 75% of the workforce. Millennials, often called “Digital Natives,” are the first generation to grow up with technology. These Millennials assume they know a lot about technology, and so do employers. The problem is, Digital Native does not mean Tech Savvy, and therein lies a whole load of problems for data security.
The compliance landscape has been undergoing rapid changes throughout 2015, particularly in the US at the State level. While Federal legislation is still pending (and controversial), and International legislation such as the EU General Data Protection Regulation will impose drastic changes on many global organizations, the continued rapid pace of change in the US means that organizations must constantly stay on top of an ever-changing set of requirements.