Security leaders face identity challenge

According to the Ponemon Institute’s recent annual report, the cost of a data brInformation security today is seriously big business. While cybercriminals are making hay on the black market with stolen identities and records, cybersecurity breaches are also clearly costing companies much more than before.

According to the Ponemon Institute’s recent annual report, the cost of a data breach rose to $3.5 million in 2013. Companies lose an average of $145 per compromised record, according to annual Cost of Data Breach Study, while the average cost of a data breach rose 15% last year to $3.5 million.

Anyone that still dismisses information security as just an IT issue is delusional. Just the simple mention of the leading US retailer Target should send shivers down the spines of CEOs everywhere.
A total of 70 million records stolen that included the name, address, email address and phone number of Target shoppers. The cost to credit unions and financial institutions for reissuing the 21.8 million cards is estimated at $200 million, plus $100 million for Target to upgrade systems and payment terminals.

Who’s to blame?
Profits fell 46% in Q3 of 2013 compared to the previous year, which all ultimately resulted in not only the CIO being axed but even the CEO was made to pay the ultimate price of this security failure.

Security leaders and experts noted at the annual InfoSecurity Conference organized by Computerworld Hong Kong and e21 MagicMedia, that security is today the responsibility of all business leaders.

Despite the critical nature of information security today, the role of chief security officer or chief information security officer is not as common as one would expect.

According to Amar Singh, former CISO at News International, information risk & GRC expert based in UK, there is huge demand today in Europe and US for CISO roles but the role is still seeing significant change. ‘We’re seeing the emergence of chief privacy officers and chief risk officers that are assuming much more responsibility for information security,” said Singh during a panel discussion with IT leaders on day two of the conference.

He noted that security is now moving out of the IT domain which is a good sign as in the past, anything that involved information security immediately became pigeon holed in IT.

“It doesn’t matter what you call it [the role] today, there is a clear demand for a person who can save the ship from sinking,” said Singh.