The cost of data breaches continue to rise. While data breaches are estimated to cost $4 million per incident on average, some organizations are finding themselves on the hook for as much as $100 million per incident. Despite these substantial costs, data protection accountability still lags. According to a new study by Nasdaq, 40% of respondents do not feel responsible for the repercussions of a cyberattack. This lack of accountability has resulted in business leaders who lack the tools and knowledge to battle cybersecurity vulnerabilities.
The Accountability Gap: Cybersecurity & Building a Culture of Responsibility interviewed 1,500 non-executive directors and C-level executives across the US, UK, Germany, Japan, Denmark, Norway, Sweden and Finland. The study looked at two main vectors: awareness of cybersecurity risks and readiness to address those risks. Low scores in both categories indicate the most high-risk organizations.
In organizations with low awareness and low readiness, directors could not interpret a cybersecurity report, lacked tracking for devices on their network, and were not regularly updated on current threats. Without the knowledge or the tools to detect and manage risks, these organizations are open to attack.
We've talked before about how important it is to empower employees in order to minimize the risks of Shadow IT. Every company needs an environment that creates accountability for employees. This is known as a top-down culture of security, which the new Nasdaq report also examines. Awareness and readiness are important attributes for all employees in an organization, so that all employees (from the board down) are held accountable for the consequences of cybersecurity vulnerability.
How can you close the gap between cybersecurity risk in your company and internal efforts to reduce that risk? The report makes several suggestions. Chief among them is education. Supplement employee experience in cybersecurity issues with ongoing training and innovation. Start with your board to create open communication.
"Open communication and accountability at all levels is key a successful culture of responsibility, and these actions can serve as a north star for developing a holistic security posture that ensures your people, processes, and technology are set up for success."
Another recent report by PwC suggested that exploited mobile devices account for one-third of cyber security incidents. With mobility and cloud use on the rise, endpoints remain one of the top vectors for cybersecurity risks. Endpoints often exacerbate the insider threat, as employees accidentally or maliciously put data at risk. At Absolute, we are here to support your security posture with technology that provides unprecedented insight into the endpoint and your corporate data. The Endpoint Data Discovery (EDD) feature of Absolute DDS allows you to see where your sensitive data is, at any time, on or off the network. With Absolute DDS, you can proactively enforce security policies or react to risks by locking down or remotely deleting data. With our simple cloud-based interface, it’s easy to understand and assess risk. Learn more at Absolute.com