Welcome to The View From The Cloud.
Recently, partners at global accounting firms PwC and KPMG confirmed the rising, shifting costs of poor security. Among the costs cited by Jimmy Sng, a partner in IT Risk Consulting at PwC, were "breach containment, crisis management, investigations and forensics, customer compensation, damaged system replacements, lawsuits and other penalties."
According to Lyon Poh, management consulting partner at KPMG, cybersecurity costs can be divided into two categories: recovery costs and financial damages on the one hand, and reputational losses on the other. "Loss of reputation is not easily quantifiable and is likely to erode future business opportunities and, in extreme cases, lead to failure," warns Poh.
Some, but not all, of these expenses are accounted for in The Ponemon Institute's updated figure for security breach cost, which places the average at $5.4 million per breach for 2011. While this is a reduction from the previous average of $7.2 million, it does not reflect the financial impact of lawsuits or penalties -- and these costs are on the rise.
With the steady increase in security breaches stemming from lax security programs, authorities have begun to flex more muscle in an effort to effect positive changes in enterprise security.
Consider the growing number of lawsuits against Zappos.com, a subsidiary of Amazon, where a computer hack in January exposed sensitive data of 24 million customers. By March, federal class-action lawsuits totaled nine, as Amazon braced for more.
Or the FTC settlement with an auto dealership in Georgia whose lax security practices compromised the confidential data of 95,000 consumers. Now, Franklin Toyota must undergo an audit every two years (for the next 20 years, assuming they stay in business) and must also implement a comprehensive information security program. We don't know the details, but you can bet Franklin's operations have been altered forever.
Smart organizations have recognized the broadening consequences of poor security and are taking progressive action to stay out of the crosshairs. They are refocusing IT initiatives at the highest levels, reprioritizing projects and reallocating budgets to get the job done, and done right. Rather than paying the piper later -- in ways they will have little control over -- they are investing in effective security now.
Victor Nappe, CEO
CloudJacket by SECNAP Network Security