|
Why invest in security?
Three reasons: brand, regulation, and return on data security investment (RODSI)
Brand and Reputation
Seemingly, a day does not pass in which the press runs a story regarding a data security breach and the adverse repercussions it has had on a company’s ability to do business with new and existing customers. The hard costs of remediating the breach, including notification, credit monitoring, and remuneration, are considerable. But they pale in comparison to the cost of a tarnished reputation. A tarnished reputation is something to be avoided in any industry. Customers don’t want to buy things online, from a catalog, or in a store from a retailer that has experienced a data security mishap. They don’t want to invest with or deposit money in a financial institution that they do not trust to protect their private information. Constituents lose confidence in governmental agencies that can’t safeguard their privacy. Alumni don’t donate to institutes of higher learning that don’t protect their personal information. Back to top
The Regulatory Environment
Protecting data is not only a smart business practice; it is increasingly a legislative or standards-driven mandate. The Payment Card Industry Data Security Standard applies to all organizations that collect credit card information and levies fines for non-compliance. Over thirty states have enacted privacy laws and a federal bill has been proposed. HIPAA, a federal law pertaining to health care information privacy, outlines data protection guidelines. These are just a few examples. Other regulations exist and more are sure to be implemented. Back to top
Return on Data Security Investment (RODSI)
Traditional return on investment analysis measures benefit (I.e. money earned) from a particular project after considering the project’s costs. Fundamentally, profitable projects have positive ROI and unprofitable ones do not. Measuring the return on investment from a data security project is slightly more challenging. It is relatively simple to measure the costs. Measuring the benefits is a bit trickier. In fact, success is measured by what does not happen – sensitive data is not compromised. How then, should meaningful economic Return on Data Security Investment (RODSI) be measured? Weigh the multitude of potential costs of a security breach, like public relations, credit watch services and consumer notification, against investment in breach prevention. Working with customers, Protegrity has gained invaluable experience around the types of security breaches and the costs to remediate them. To learn more, download the Protegrity whitepaper “Calculating Return on Data Security Investments”. Back to top
|
Events
White Paper