With so much attention surrounding cybersecurity today, you would think that most global business leaders would be on the same page about protecting their data. Most businesses, after all, would be unable to recover after suffering from a large-scale breach.
According to a new study, though, attitudes about data security vary drastically across different industry sectors and countries.
In the study, U.S. professionals were found to value their personally identifiable information (PII) more than twice as much as their U.K. counterparts. In the U.S., the average per capita value (PCV) of PII is $1,820. Compare this to the U.K. ($843) in the U.K.; Canada ($1,025); Australia ($1,186) and Japan ($1,040).
In the U.S., it should be noted, PII (47.4 percent) is given higher priority than IP (27.6 percent). This is followed by payment card data (18.4 percent) and corporate email (only 6.6 percent). This last statistic is a real problem, when considering the extent to which hackers nowadays are attacking email systems. They remain one of the most highly-targeted areas of the enterprise.
What’s interesting too is the mean PCV given to PII by cybercriminals is only $39. To IT professionals, though, PII has PCV of $1,198. To insurers, it’s $3,211. And to regulators, it’s $8,118.
Here are some additional noteworthy statistics from the study:
- 80 percent of organizations that view patients as their primary data subject said they have carried out a comprehensive risk assessment.
- Healthcare and hospitality sectors prioritize PII data as 3.5 and 3.4 out of 4, respectively.
- OT and Communications companies rank IP data as highest priority at 3.0 and 2.9 out of 4.
So this holiday season, take some time to think about how your organization prioritizes its data. And consider workign with a managed services provider (MSP) like Apex Technology Services to learn more about ways that you can further improve your cyberdefenses.
Here are some of the areas all organizations looking to promote a cybersecurity culture need to focus on.
1. Cybersecurity training must be done regularly.
2. Auditing and documentation must be performed regularly to ensure systems are secure.
3. Anomaly detection should be running constantly to detect threats as they emerge.
4. Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.
5. Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.
6. An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.
To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP like Apex Technology Services.