Cybersecurity Leaders on How They Protect Their Data

A new survey of 125 data, privacy, and cybersecurity leaders shows how some of the top companies are approaching data protection. The global COVID-19 pandemic as well as ever-shifting technological norms and practices have caused the world’s top firms to jump-start their approach to safeguarding sensitive data, at a rate perhaps never seen before.

Among the key findings from the Business of InfoSec and Okera report? The cloud is bigger than ever.

What the findings show

  • The survey showed that 72 percent of respondents reported moving at least half of their company’s data to the cloud, while 70 percent say they are “very confident” or “extremely confident” that they know where all their data is currently located.
  • Less than half — 45 percent — reveal they are unconcerned about penalties or fines tied to non-compliance, while the main benefit of centralizing data authorization and control is “ensuring data security at a fine-grained level.”
  • In this era when cybersecurity is at the top of everyone’s minds, 94 percent of respondents said that compliance with data privacy protocols is a top priority.
  • Additionally, the survey participants emphasize that “better regulatory compliance is the leading driver of data privacy investments” at major firms today.

“The explosion of remote working has created borderless networking in a way that we have never seen. Services that were done in-house are now being moved to the cloud. That’s redefining what traditional network boundaries look like,” said Michael Owens, survey participant and business information security officer at Equifax, according to a separate Health IT Security article.

Owens added that moving to the cloud is a big signifier that companies are increasingly reliant on “third parties,” which in turn “extends and increases the number of external entities that are involved in every supply chain.”

Bring all stakeholders to the table

In other words, the state of cybersecurity today is more collaborative than in the past. This also means that all of these entities involved in a business’s data protection need to be on the same page and compliant with the same security practices.

“It goes back to the age-old saying that you can’t do privacy without security, and you can’t do security without privacy,” said President of SecurRisks Consulting Marian Reed in the survey report. “Most organizations and most security programs are really focused on deploying tools to make sure that the whole network is protected without really understanding the business or the data that’s involved.”

Reed stressed the need to bring all stakeholders in data protection to the table.

“You have to look at the overall business risk and figure out what are the security components that really make senses and what do we need to deploy in this organization to protect it?” she said. “And you can’t do that if you don’t have your privacy team at the table.”

Get everyone on the same page, institutionalize cybersecurity protocols throughout your firm and its partners, and do whatever you can to keep your data — and that of customers who use your services — safe.

Published by Peter Cavicchia

Peter Cavicchia is a retired U.S. Secret Service Senior Executive, now Chairman of the security consulting firm Strategic Services International LLC.

%d bloggers like this: