Is it surprising that organizations continue to suffer data breaches when so few of them give a damn?
In last year’s Carnegie Mellon CyLab survey, NO respondents (yes, not one) identified “improving computer and data security” as a top three priority for the board. Now, I recognize that last year was another particularly tough year for most organizations, when hanging on to topline revenue, controlling overhead and cashflow management would have been daily challenges, but for data security not to make it to somewhere near the top of the agenda is a little thoughtless – and perhaps explains why organisations like Sony continue to experience data breaches.
It’s a bit like a homeowner saying that, because they’re worried about paying the mortgage, locking the doors and windows when they go out for the day is not a priority for them. We’d think that was pretty stupid, wouldn’t we?