When they think about data breaches, IT professionals’ biggest concern is the risk to their jobs.
That’s a finding from the latest Ponemon report on the impact of data breaches, commissioned by Centrify.
Clearly, getting fired is a major risk, particularly where a hack was seen as highly avoidable, as in the case of Equifax, whose CSO and CIO were both retired within about a week of the breach being made public last month.
Ponemon’s global study of IT professionals in the UK, US, Germany and Australia shows that fewer than half of global IT professionals are confident they have the ability to prevent, detect and resolve data breaches.
That might also have been the case at Equifax, whose CSO’s security credentials were in question after it was reported that her college major was in music.
In the UK the findings are even more damning, with 70 per cent of IT practitioners not confident in their ability to prevent breaches.
For a majority of the IT professionals (63%), possible loss of their jobs ranked above loss of company reputation (43%) and time to recover decreasing productivity (41%) as concerns in the event of a data breach.
At a time of worldwide shortage in qualified cybersecurity professionals (the non-profit information security group ISACA predicts there will be a global shortage of two million cybersecurity professionals by 2019), the findings raise the question of whether simply firing IT staff held responsible for data breaches will be enough to raise standards.
According to the study, over half (51%) of UK IT practitioners in organisations that had suffered a data breach believe that one of the most negative consequences of a data breach is greater scrutiny of the capabilities of the IT department. This ranks above brand and reputational damage (35%) and loss of customer trust in the organisation (35%).
Forty per cent of IT professionals who took part in the study said their organisation had suffered a data breach involving sensitive customer or business information in the past two years.
“Organisations need to take a smarter approach to their security needs, implementing tools that are more efficient, consolidating vendors and platforms, and empowering the people within their IT departments,” says Andy Heather, VP EMEA at Centrify. “Now more than ever, cybersecurity requires C-suite involvement to ensure its IT department has the right tools to be successful and not just left on the hot seat to take the fall.
“For years now, organisations have relied on a well-defined boundary to protect their assets. They knew where the perimeters of their networks and endpoints were, and kept their important assets on the safe side. But things have changed. Today, the world as we know it is an increasingly complex digital canvas of identities that live in and out of the enterprise, changing the perimeter of the network — to no perimeter at all. Traditional security measures are failing to safeguard against breaches. To avoid financial and reputational ruin, organisations must now rethink their approach to security.”
Centrify cites a study by Forrester, which it says points to measurable benefits of cybersecurity ‘maturity’, showing that organisations that reach the highest of four levels of Identity Access Management (IAM) maturity save 40% in security costs over their less mature counterparts and spend $5 million less in breach costs.