skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view

Summary

Major players across a variety of consumer-facing industries have been targets of cybersecurity attacks in recent years (e.g., Anthem, Sony, Target, Home Depot). Therefore, the security of consumer data is rapidly becoming an issue that companies have to prioritize not only in their cybersecurity/IT infrastructure agenda but also within their public relation endeavors. With increasing consumer awareness/education about the type and amount of data stored and the sheer number of privacy breaches, consumer skepticism about the perceived responsibility felt and preventative actions taken by companies is increasing.

The public court of opinion becomes increasingly expensive for organizations that do not invest in cybersecurity

By mid-2018, according to Ovum's data sovereignty survey, 77.6% and 70.5% of regulated/sensitive data will be held on cloud or mobile applications, respectively. The influx of sensitive data across enterprise operations, healthcare providers, and government operations, alongside unregulated employee access to consumer data, makes security much more difficult to achieve. Global security practices need to be improved – only 44% of Ovum survey respondents monitored user activity and had policy-based triggers and alerts in place, and only 53% classify their information assets to facilitate controls.

Many companies only factor in the legislative risk of fines when deciding against investing in cybersecurity systems/measures – over 50% of survey respondents plan to pay these fines, often discounting the associated costs to their brand image when making budgetary decisions about security. Furthermore, consumer awareness of companies who maintain data profiles for monetary pursuits is growing – a cybersecurity attack on one of these companies may be scrutinized more severely by the public, often causing irreversible brand damage.

Vulnerabilities can arise from both improper training and system issues; the average breach detection and remediation timeline is approximately 200 days. Manageable vulnerability issues and long remediation timelines will make consumers increasingly averse to the affected companies. As consumers – who are already increasingly concerned with data privacy – become more aware of these issues through increasing media and political coverage, they are more likely to view these breaches as direct, preventable violations of consumer trust rather than just minor business lapses. The total cost of a data breach over a three-year span, for example, must also count fiscal damage to more intangible assets, such as brand goodwill – adding to the long-term expense of a breach.

Even if a business adopts the best technology and usage approaches to prevent a breach through continual monitoring, comprehensive training, and investment in up-to-date technology, breaches are bound to happen. They can be caused be simple off-the-shelf malware through to well-resourced, advanced, persistent threats. The quickest way to mitigate the legislative and public-facing risks is to adopt a balanced, responsive, and transparent approach. Common steps include advising users on identity theft and the regular need to change user credentials as well as addressing industry regulation issues. While legal risks behind pre-remediation disclosures are an important consideration, many class-action lawsuits are predicated on the abuse of or harm caused by acquired data – both of which can be reasonably mitigated by fast and transparent disclosure.

Appendix

Further reading

Data Privacy Legislation Impact on Enterprises, IT0018-001493 (April 2016)

Framework: Dealing with a Cyber-Security Breach, IT0022-000621 (February 2016)

Author

Rishi Kaul, Research Analyst, Information Management

rishi.kaul@ovum.com

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.

  • Enterprise Decision Maker, Enterprise IT Strategy and Select...

    2017 Trends to Watch: Big Data

    By Tony Baer 21 Nov 2016

    The breakout use case for big data will be fast data. The Internet of Things (IoT) is increasing the urgency for enterprises to embrace real-time streaming analytics, as use cases from mobile devices and sensors become compelling to a wide range of industry sectors.

    Topics Big data and analytics IoT

;

Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700


Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

Email us at ClientServices@ovum.com

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at pr@ovum.com

Contact marketing - 
marketingdepartment@ovum.com

Already an Ovum client? Login to the Knowledge Center now