Ever since the September 2017 Equifax data breach that exposed the personal information of 147 million Americans, and the many other high-profile data breaches that have happened since, data security and data privacy have become pressing boardroom-level concerns.
"The Equifax debacle is where a lot of the inherent [cybersecurity] issues really surfaced to the business level," said Aaron Shum, practice lead for security, privacy, risk, and compliance at Info-Tech Research Group. "It's where we discovered the level of incompetence that can exist in an organization."
According to the 2019 Edelman Trust Barometer Special Report: In Brands We Trust?, 81% of consumers said that brand trustworthiness plays a major role in their buying decisions. In other words, data breaches today not only represent a bottom-line risk in the form of penalties but they also jeopardize an organization's brand and reputation, directly affecting its ability to attract new customers and retain existing ones.
"Businesses need to treat privacy as both a compliance and business risk issue to reduce regulatory sanctions and commercial impacts such as reputational damage and consequential loss of customers due to privacy breaches," said Steve Durbin, managing director of the Information Security Forum in the UK.
Aaron Shum, Practice Lead at Info-Tech Research Group shares his perspective in this article: