
When company data gets stolen...


Every year, cyber-criminals steal billions of dollars' worth of data from large and small U.S. companies. The kinds of data thieves look to steal include credit card data, patient data, personal financial data and personally identifiable data, such as tax data, credit reports and background checks. This type of data is all the more vulnerable as changing business environments, such as mobile payments and cloud services, become mainstream.

Most companies are woefully unprepared for a data breach, and investors are typically not informed when one occurs. The Ponemon Institute has found that a data breach costs a company between $5 million and $8 million on average, which can easily sink a smaller business.

In October 2011, the Securities and Exchange Commission (SEC) issued new guidelines governing data breach disclosure in an effort to promote transparency for company executives and investors. Stakeholders need to know if a data breach occurs and what the financial ramifications will be for the company. In the past, companies have not wanted to report data breaches because they did not want any security failures to be publicly known. Now that has all changed: if companies do not report data breaches to the SEC, they will face sanctions and potential lawsuits.

If a data breach occurs, what are companies required to disclose?

  1. Disclosure that a data breach has occurred with “material impact.” This would include the financial statement impact of the breach and who was affected by the breach.
  2. Risk Factors. These would include:
    1. Inherent risk due to the nature of the specific business environment (not general or generic risks), including outsourced functions
    2. Likelihood that past incidents predict future events
    3. Regulatory requirements and potential penalties
    4. Summary of relevant insurance coverage

To mitigate the risks associated with data breaches, CEOs must have a clear understanding of where their most sensitive data is located, whether on their own IT systems or with third parties, and what security methods are in place. Protecting critical infrastructure requires companies to integrate cyber risk into an enterprise risk management program, establish controls to identify future risks and potential data breaches and participate more actively in the cyber security community. With more vigilance and transparency, organizations will be able to rest easier knowing that they have a clearer understanding of how to protect sensitive data from cyberattacks.

Dirk Anderson

Dirk Anderson is a managing director at Coalfire. He has more than 15 years of experience in the field of information technology, which has provided him with extensive knowledge in the development of policy and awareness programs for multi-national corporations where he has held the positions of practice lead/senior analyst, chief security architect, senior manager global security architecture, and manager of information security and Internet systems. Anderson’s breadth of experience also extends to multi-national retailers, banking, telecommunications, investment, energy, manufacturing, and governmental organizations. Contact him at dirk.anderson@coalfire.com.


