Data breaches of sensitive, unencrypted information occur almost every week and many of these events become highly publicized. Organizations are thrust into the public's eye and scrutinized for gross lack of oversight and accountability around data security. Despite the fact that these breaches happen at the IT level, the burden and the blame for a data breach almost always falls on C-level leaders such as the CEO or CIO. Consumers ask, “why didn’t you protect my personal information?” and the leaders respond, “We didn’t think it would happen to us.”
Today business leaders need to know that data breaches are no longer a matter of “if” but “when.” Even behind firewalls and secure networks, unencrypted sensitive data is a goldmine for hackers. Not protecting this information with encryption is like driving a brand new Ferrari without car insurance. You can drive as safely as you want, but you can’t control the behavior of other drivers. Just like driving without insurance, not encrypting your organization’s sensitive data in a time when hackers are always trying to break into networks is taking a huge risk with both your organization’s financial resources and reputation.
I recently sat down with data security expert Patrick Townsend, CEO & Founder of Townsend Security, to discuss why unprotected data is a business problem, not just an "IT problem."
Watch the video of that discussion here.
Why is unprotected data a business problem?
In most organizations, a large part of the CEO's role is to assess risk. Every day the leaders in any given organization address financial, market, competitive, and many other types of risk. These leaders are used to assessing risk in their organizations, but they are not yet thinking about unprotected data and the possibility of a data breach as a fundamental risk. Unprotected sensitive data leads to identity theft, fraud, and theft of financial resources from employees and customers.
Data breaches happen to both large, small, public, and private companies. In fact, today hackers are targeting small to mid-sized businesses simply because those networks tend to be less secure. However, every day I come across large business that have failed to protect their customers' data either by not encrypting the data, or failing to protect the encryption keys.
Anyone who's been through a data breach understands in their bones the importance of encryption and encryption key management. The costs associated with a data breach are far reaching.
These costs include:
- Forensics investigation
- Credit monitoring for customers
- Lost sales due to brand damage
- Litigation costs
These are costs all organizations want to avoid. They represent huge risk in terms of actual financial costs and damage to reputation. Not considering these costs and not protecting your company and customers' sensitive data is a failure to assess risk.
Want to learn more about the risks associated with unencrypted data? Check this video, “Why is Unprotected Data a Business Problem?” featuring Patrick Townsend, Founder & CEO of Townsend Security.