Categories: SecurityWorkspace

Security Pros Are Your Best Defence, Says Study

When data breaches occur, strong leadership from the chief information security officer  (CISO) can make a difference in the damage done to your corporate budget, according to new research from the Ponemon Institute.

In its latest look at data breaches the institute found that in the five countries studied (US, UK, Australia, France and Germany), CISO leadership in the aftermath of a breach slashed the cost per compromised record by an average of 21 percent compared to companies without such leadership. The benefits were highest for companies in Germany and the United States, where costs were reduced 45 and 33 percent, respectively. Despite this finding however, only 40 percent of the breaches in the U.S. and 36 percent of those in Germany were managed by the CISO.

A good security chief gets people on side

“Centralising an organisation’s approach to data management and protection usually means following a cohesive strategy instead of an ad hoc approach,” Dr. Larry Ponemon, chairman of the institute, told eWEEK. “Without a single point of accountability you may have vastly different approaches to information security from department to department and no one looking out for the best interests of the company.  A good CISO/CSO will understand the company’s mission and be able to marshal available resources to make sure everyone in the organisation is working toward that mission with full awareness of relevant laws and regulations, internal policies, and industry best practices.”

The study, which was commissioned by PGP, took a look at data breaches experienced by businesses around the globe in 2009. According to their findings, breaches in the US last year cost an average of $6.75 million, (£4.42m) or $204 (£134) per compromised customer record. The overall average across the five countries was $142  (£93) per record.

Notification laws cost money

Countries with data breach notification laws naturally had the highest costs. For example, the US had a cost per record that was roughly 43 percent higher than the global average. Germany, which passed data breach legislation in July 2009 had the second highest cost per record, reaching 25 percent above average.

“By forcing (breaches) into the public view, there’s a greater likelihood that companies will act in their best interest to take steps to avoid a public event,” Ponemon said. “That means investing in preventative measures, for example.  You can be cynical about the reasons, but if a company takes steps to prevent an embarrassing data breach for the sole purpose of avoiding a damaging headline, the resulting increase in security should still be seen as a positive.”

Page: 1 2

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
Tags: breachCISO

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago