
Ovum view

Summary

Major players across a variety of consumer-facing industries have been targets of cybersecurity attacks in recent years (e.g., Anthem, Sony, Target, Home Depot). Therefore, the security of consumer data is rapidly becoming an issue that companies have to prioritize not only in their cybersecurity/IT infrastructure agenda but also within their public relations endeavors. With increasing consumer awareness/education about the type and amount of data stored and the sheer number of privacy breaches, consumer skepticism about the perceived responsibility felt and preventative actions taken by companies is increasing.

The court of public opinion becomes increasingly expensive for organizations that do not invest in cybersecurity

By mid-2018, according to Ovum's data sovereignty survey, 77.6% and 70.5% of regulated/sensitive data will be held on cloud or mobile applications, respectively. The influx of sensitive data across enterprise operations, healthcare providers, and government operations, alongside unregulated employee access to consumer data, makes security much more difficult to achieve. Global security practices need to be improved – only 44% of Ovum survey respondents monitored user activity and had policy-based triggers and alerts in place, and only 53% classify their information assets to facilitate controls.

Many companies factor in only the legislative risk of fines when deciding against investing in cybersecurity systems/measures – over 50% of survey respondents plan to pay these fines, and they often discount the associated costs to their brand image when making budgetary decisions about security. Furthermore, consumer awareness of companies that maintain data profiles for monetary pursuits is growing – a cybersecurity attack on one of these companies may be scrutinized more severely by the public, often causing irreversible brand damage.

Vulnerabilities can arise from both improper training and system issues; the average breach detection and remediation timeline is approximately 200 days. Manageable vulnerability issues and long remediation timelines will make consumers increasingly averse to the affected companies. As consumers – who are already increasingly concerned with data privacy – become more aware of these issues through increasing media and political coverage, they are more likely to view these breaches as direct, preventable violations of consumer trust rather than just minor business lapses. The total cost of a data breach over a three-year span, for example, must also count fiscal damage to more intangible assets, such as brand goodwill – adding to the long-term expense of a breach.

Even if a business adopts the best technology and usage approaches to prevent a breach through continual monitoring, comprehensive training, and investment in up-to-date technology, breaches are bound to happen. They can be caused by anything from simple off-the-shelf malware through to well-resourced advanced persistent threats. The quickest way to mitigate the legislative and public-facing risks is to adopt a balanced, responsive, and transparent approach. Common steps include advising users on identity theft and the regular need to change user credentials as well as addressing industry regulation issues. While legal risks behind pre-remediation disclosures are an important consideration, many class-action lawsuits are predicated on the abuse of or harm caused by acquired data – both of which can be reasonably mitigated by fast and transparent disclosure.

Appendix

Further reading

Data Privacy Legislation Impact on Enterprises, IT0018-001493 (April 2016)

Framework: Dealing with a Cyber-Security Breach, IT0022-000621 (February 2016)

Author

Rishi Kaul, Research Analyst, Information Management

rishi.kaul@ovum.com
