April 16, 2012 No Comments-
Many mid-sized businesses may believe that they are too small for attackers to target, but this assumption is far from valid. Any organization that stores information – whether it’s customer records, product data or trade secrets – are at risk for data loss. Yet, according to a recent study by PriceWaterhouse Coopers (PwC) of 600 mid-sized companies in the UK, France, Germany, the Netherlands, Spain and Hungary, mid-sized European businesses are not doing a great job accepting and managing that risk. The study, “Beyond Cyber Threats: Europe’s First Information Risk Maturity Index,” found many mid-sized European businesses are failing to protect sensitive data and not taking employee-borne data threats seriously.
To highlight the gap between what companies should be doing and what they are actually doing, PwC measured 34 separate practices organizations should have in place to protect information. Organizations could earn a maximum score of 100 on the index, but on average, businesses scored 40.6, which indicates there is a lot work to be done to get data protection practices to an acceptable level.
Financial services and pharmaceuticals firms performed better than under industries, but in general, the lack of sound data security practices were concerning. The study found:
The impacts of data breaches are significant. Last year, small to medium European businesses lost an average of 2-4 days at a cost of £15,000 – £15,000, had an incident response cost of £4,000 – £7,000, direct financial loss due fines and compensation to customers of £3,000 – £5,000 and indirect loss of £10,000 – £10,000. Few small to medium sized businesses can easily afford these costs.
Protecting sensitive data is not all about tools, organizations must train employees on security policies and consistently reinforce the messages to ensure staff is aware of what is expected. Once sound policies are established, tools can help monitor and enforce rules and guidelines.
Made up of various contributors' opinions and insights - the power of the collective.
Security Exposed Bloggers
Norman Blog Archive