Execs Need Hands on Approach to Data Security, Says Report (Aug. 27, 2015)
Amid the threat of increasingly sophisticated cybercrime and heightened scrutiny by regulators, a new report urges retail and financial services CEOs and board members to take an active, involved role in improving their firms’ safeguards. “As cybercriminals step up their game, government regulators get more involved, litigators and courts wade in deeper and the public learns more about cyber risks, corporate leaders will have to step up accordingly,” writes Sameer Bhalotra, former White House senior director for cybersecurity, in the foreword to the report, The Cyber Threat Risk, issued by cybersecurity specialist LogRhythm.
The report highlights the costs of data breaches such as the late 2013 breach of retail giant Target. In the wake of the attack, shares of the company fell by 11 percent, while earnings dropped 16 percent during the following quarter. Overall, Target incurred $129 million in expenses stemming from the breach, and its chief information officer and CEO both left the company within months. The pain extended to banks and credit unions, which spent $200 million to replace credit and debit cards for consumers whose data was compromised, the report noted. The damage incurred by the Target breach and other recent attacks represent a material threat to a company’s financial well-being and thus “demonstrate the imperative for CEO and board-level involvement in IT security,” the paper said. “CEOs need to elevate the importance of cybersecurity and be more directly involved in setting the level of acceptable risk.”
One key step for executives is ensuring their companies budget sufficient funds for strategic security spending, and that those funds are invested in the most effective cybersecurity practices, the report advised. The smart money is on detecting and responding to breaches early and effectively, rather than preventing breaches outright, according to the report.