October is Cyber Security Awareness Month. In celebration, Defensible Technology will share tips to help you evaluate whether your business has built a defensible cybersecurity program.
Tip #1: Know What Your Information AND Its Loss Are Worth
As a result, cybersecurity programs won’t necessarily implement risk-based security controls. Such programs require context and thereby establish the criticality of information to the business. However, security professionals also need to inform business leaders of the implications of a data compromise. The two approaches together establish a true security risk profile.
For example, consider a higher education institution that collects data from 10,000 prospective students each year via its admissions process. Data breach reports from Verizon and the Ponemon Institute pegged the cost per record resulting from a breach at $150 to $242.
In this example, a single business process creates an annual exposure of $1.5M to $2.4M. Awareness of the loss resulting from a breach, whether committed intentionally or accidentally, can help establish the cumulative impact of a records retention policy or inform a discussion on the required level of coverage for a cybersecurity insurance policy.
Determining the scope of information requiring protection and the implications of a data compromise simply requires collecting input and asking the right questions of key business entities in partnership with cybersecurity professionals.