Risky Business

Filed in archive Opinion on August 13, 2007

Why is it we just don't learn? An article at Data Storage Today showed the ugly truth - a recent Scott and Scott LLP study found that 46 percent of companies that had already experienced a data security breach on its portable devices did nothing to implement any preventative measures. That's baffling to me. As someone who has written extensively on risk management topics, I wish I could say it was the exception and not the rule.

Maybe it's the attempt to put together some cohesive and coherent policies and controls. Maybe it's that companies truly don't understand the long-term effects of such breaches on their bottom line. Foolish, for if I were a customer of a company that suffered not one, but two or more breaches, I'd be requesting my data be removed and I'd be taking my business elsewhere. I can't imagine that others would feel differently.

The scott and Scott survey backs up my thinking. Companies that had experienced a data breach felt the effects throughout the organization. Seventy-four percent reported loss of customers, 59 percent faced potential litigation, 33 percent faced potential fines and 32 percent experienced a decline in share value.
So what's it going to take to make you sit up and take notice? One breach? Five breaches? You tell me why your company isn't taking this more seriously.