By: Robert Cruz
Cyber exposure at all levels of business operations, from financial transactions to customer service and customer apps, is increasing. At the same time, new regulations governing data carry fines large enough to threaten the business itself. As a result, security and compliance personnel are seeing their duties increasingly overlap in their effort to fight these threats, and they understand that to succeed at both, a certain level of collaboration and consolidation of their efforts is essential.
In an interview with Corporate Compliance Insights, Managing Director of the Information Security Forum (ISF) Steve Durbin identified the increasing burden of compliance on organizations as a serious area of concern. According to Durbin, while regulations including GDPR are well intentioned, demonstrating compliance can consume enormous time and resources, and being compliant does not necessarily deliver the security, privacy and other outcomes the regulations seek to achieve.
At the same time, meeting an organization's own security commitments often requires a set of measures separate from those that protect its customers. The result has been a piecemeal approach to security and compliance that creates unnecessary cost and complexity and, in many cases, overlapping security and compliance functions that a unified approach could handle better.
What’s at Risk
Organizations today face an increasing variety of information risks that pose persistent, serious, enterprisewide threats. Cyber exposure at all levels of business operations, from financial transactions to customer service and customer apps, is increasing. As a result, ever more sophisticated cyberattacks, information leaks and the proliferation of communication channels outside the control of IT or security can do more direct damage to a business than ever. As the problem grows, business owners should also consider arranging cybersecurity awareness training for employees.
Meanwhile, regulations responding to many of the same threats, and aimed largely at protecting users, have made compliance failures themselves costly enough to threaten a business directly. For example, fines for noncompliance with GDPR can reach €20 million or 4 percent of global annual turnover, whichever is higher. As a result, security and compliance personnel are seeing their duties increasingly overlap in their effort to fight these threats, and they understand that to succeed at both, a certain level of collaboration and consolidation of their efforts is essential.
A recent survey conducted by Actiance and IDG Research revealed that a more collaborative relationship between security and compliance departments is a top priority for professionals in both functions.
Risks and Impact of a Data Breach Top List of Concerns
When asked to identify the most important risk areas their companies manage, respondents across all functions rated the risks and impact of a data breach as their top concern, with the exception of respondents holding risk/compliance titles, who ranked loss of sensitive customer information slightly higher.