All the companies involved vigorously deny giving the Obama administration access to their users’ data, but the current and potential damage to their brand reputation has left these corporations scrambling for responses that satisfy not only shareholders, but stakeholders.
Viktor Mayer-Schonberger, professor of internet governance and regulation at the Oxford Internet Institute, sums up the scope of the collective data breach saying, “These companies depend on their users being sufficiently trusting to give them personal data. Many of us are perfectly fine for these companies to use this information for their own commercial benefit, to place more relevant adverts on the right hand side, but we do not want it passed on to the government or to tax authorities for instance.”
Revelations about the NSA’s accumulation of citizens personal information has raised our collective awareness of data security. We assumed that our personal information was safe and secure, we no longer can. In business, there can be no assumptions regarding data security. Corporate data breaches are, in fact, growing at an alarming rate. The Open Security Foundation working in conjunction with Javelin Strategy & Research reports an all-time high of 1,611 breaches in 2012, representing a 48% increase over 2011. What do those numbers mean in terms of dollars? A recent study by the Ponemon Institute shows that the organizational cost per data breach stands at $5.4 million and the cost per record is $188. Thus, chief executives and business owners must treat the issue as though their companies, and the data they hold, are continuously under attack.
How do organizations across the economic spectrum treat the issue of data security? What are the right moves to keep data safe and secure and what may be done to avoid the costs (both monetary and social) of a security breach?
Writing in the Harvard Business Review, Robert Plant, associate professor of computer information systems at the University of Miami School of Business Administration, says executives must understand four basic points about security:
The takeaway is that any business can be a target. Breaches can, do and will occur in organizations of all sizes and across a large number of industries. Old excuses like “we’re too small to be a target,” or “we just implemented new antivirus software and firewalls,” are no longer acceptable.
In addition to the financial repercussions of a data breach is the social impact. Data breaches not only tarnish a company’s hard earned reputation, they violate people’s trust. Chief executives must accept that reputation has quantitative value. It is just as material to the company’s bottom line as inventory, receivables, real estate or any other balance sheet asset.
What should a chief executive do about the inevitable data breach? In a word, prepare. A logical first step is putting a team in place to plan a response that meets not only the legal standard, but obligations to clients and business partners. The team may include data security personnel, legal counsel, as well as a communications expert. Once a blueprint is formulated, the team should meet at least twice a year to conduct drills, just as other teams prepare for physical risks like weather emergencies or fire drills.
Experts cite says three different tasks that businesses must consider when evaluating readiness to meet a data breach:
Vulnerability Assessment:
Inspect all the ways that data moves in and out of your company, from laptops and thumb drives to cloud storage and customer portals. The vulnerability assessment also needs to look beyond your company to your contractors, and subcontractors. If you share data and systems with any of them, your operations are at risk.
Response:
Encrypting files and restricting access to data are good starting points, as is a “remote kill” option that will let a security team wipe out data on a laptop that has gone missing. Your response should also consider the need to quarantine areas of your data network or shut down entire systems.
Communicating the Aftermath:
Any plan must take communications into account. When planning a response, experts advise factoring in how many records were affected and what level of data was exposed. You need to understand the legal ramifications and how you might fare in the court of public opinion if
you handle the breach incorrectly. Remember that you can’t eat your words once they’re in the public domain.
Data breaches and cyber security recently topped the agenda of the summit between President Obama and Chinese President Xi Jinping. Although U.S. officials have accused the Chinese government of being behind a series of attacks designed to steal trade secrets and potentially disable computers that operate banks, power grids and telecommunications systems; Xi flatly rejected the charges saying that his nation was also a victim of such acts and called for cooperation on the issue.
Chief executives, and the companies they manage, must treat security and the threats of data breaches seriously and take the necessary steps to harden their defenses. No panacea exists that will prevent data breaches and deterring such incidents is a never ending task. Cyber security cannot be delegated to the IT department or the CISO, it is a company wide effort that begins and ends in the corner office.
Read: –https://blogs.hbr.org/cs/2013/06/does_your_ceo_really_get_data.html
Read: https://www.guardian.co.uk/technology/2013/jun/10/apple-google-giants-nsa-revelations
Read: –https://corner.advisen.com/pdf_files/Reputational_Risk_Data_Breach_2012NAS.pdf
Chief Executive Group exists to improve the performance of U.S. CEOs, senior executives and public-company directors, helping you grow your companies, build your communities and strengthen society. Learn more at chiefexecutivegroup.com.
0
1:00 - 5:00 pm
Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process
Executives expressed frustration with their current strategic planning process. Issues include:
Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns. They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning. Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process. This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented. If you are ready for a Strategic Planning tune-up, select this workshop in your registration form. The additional fee of $695 will be added to your total.
2:00 - 5:00 pm
Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations.
Limited space available.
10:30 - 5:00 pm
General’s Retreat at Hermitage Golf Course
Sponsored by UBS
General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.
The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.
