Companies Are Making Cybersecurity a Top Priority 14:24, October 3, 2016


Cybersecurity, also known as data security, is the top compliance priority of major corporations and organizations.

In its 2016 Compliance & Risk Report: CCO’s Under Scrutiny, global law firm DLA Piper, which advises companies on cybersecurity matters, encapsulated survey results of 78 in-house counsel and compliance officers. By far, the most universal compliance risks identified were cybersecurity and data breaches. 73% of respondents named cybersecurity as their biggest compliance risk, followed by data breaches (72% of all respondents). “Increased regulatory risk” was a close third at 64%. It came as no surprise that the survey results showed most company compliance resources were being spent on cybersecurity.

The concern appears to be growing. In another 2016 survey conducted by Bay Dynamics, a cyber risk analytics company that serves businesses, 30% of 126 surveyed board members of corporations with 2,000 or more employees considered cyber risk to be a “high” priority. In 2014, that concern was just 7%. In 2018, that concern is expected to rise to 44%, according to the survey. Note that survey respondents were given three choices—“high,” “mid-level” and “low”—in gauging data security priority. While most board members (56%) found data security to be a “mid-level” priority, its shift from 2014 was less dramatic than the “high” priority shift.

Knowing what other firms are doing in terms of data security can assist organizational cybersecurity compliance efforts. For better or worse, companies have to model their compliance programs after peers in their industries. Professor Sean J. Griffith of Fordham Law School has called this phenomenon “compliance creep.” It occurs when companies ante up their compliance programs because someone else may be “doing it better” under the watch of federal regulators. During a January 2016 symposium on The Changing Face of Corporate Compliance and Corporate Governance, Griffith explained, “The regulatory state enforced a vacuum. The feds are in it and it is just the way it is going to be, and we have to learn to live with that.”

Beyond regulator motivations, which tend to focus on external incentives (“follow the law, or else”), there’s practical value in knowing what other organizations are doing about data security. Data security threats, like shadow IT, ransomware, and password reuse, are rampant and constantly mutating, requiring active eyes.

For example, Verizon’s 2016 Data Breach Investigations Report brings together companies and data security experts to provide updates on cybersecurity threats. In one instance, Verizon analyzed millions of phishing scams and found that 30% of phishing messages were opened by employees. The 2014 report found that 23% of employees opened phishing messages. This rise makes sense when put in context. Insider negligence has been found to be the number one threat to a company’s data security, often arising from employees opening scam emails and files.

Verizon recommends providing “employees with awareness training and information so they can tell if there is something ‘phishy’ (couldn’t resist) going on.” For more information about data security awareness training, check out LawRoom’s white paper. LawRoom offers online compliance training to thousands of companies and universities.

Douglas Kelly
Douglas Kelly is EverFi's lead legal editor. He writes on corporate compliance and culture, analyzing new case law, legislation and regulations affecting US companies. Before joining EverFi, he litigated federal and state employment cases and wrote about legal trends. He earned his JD from Berkeley Law and BBA from Emory University.
