Group items tagged

A recent article in the Tech Journal (techjournalsouth.com) delves into the effects of data breaches, using survey information to demonstrate how they affect customer loyalty and confidence.

"The widespread impact of data breaches like Epsilon and Sony PlayStation, where millions of consumers were impacted around the world, is making customers more cautious about conducting business with certain financial institutions and retailers," said Jackie Gilbert, vice president of marketing and co-founder at SailPoint. "These companies obviously spent millions to recover from these data breaches, but the longer term and harder-to-measure costs will be the erosion of customer loyalty and decline in brand perception."

Case in point: 16% of Americans, 24% of Britons and 26% of Australians said they would no longer do business with a bank, credit card company or retailer if a security breach occurred that potentially exposed their personal and financial information to theft."

“The IT industry had this nagging question – as more and more services move to the cloud, do they consume more or less energy?” Bernard said. “This study found that you can migrate existing infrastructure to the cloud and see not only growth in productivity but a reduction in energy consumption for those services.”

The study was aimed at understanding how the cloud performs differently from an on-premises environment, said Josh Whitney, corporate sustainability strategy lead with WSP. Using a methodology aligned to the Global eSustainability Initiative (GeSI) standards, Accenture and WSP compared the energy use and carbon emissions per user for Exchange Server 2007, SharePoint Server 2007, and Microsoft Dynamics CRM with their cloud-based equivalents: Exchange Online, SharePoint Online and Microsoft Dynamics CRM Online. The results suggest that for widely deployed and commonly used applications such as e-mail, content sharing and customer relationship management, the cloud can enable significant reduction in carbon emissions.

“The findings are actually pretty impressive,” Whitney said. “I think this study provides further reinforcement of the benefits of the cloud beyond the bottom line. It provides one of the first quantitative and measurable analyses of the impact that cloud computing can have directly compared to a traditional deployment of IT within a company.”

The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.

some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”

“We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”

AVG's research shows that: * 83% agree that having the right level of IT security protection is critical to their business * 77% say that a security threat could have a significant negative impact on their business * 55% feel they can make IT security decisions without 3rd party influence * However, only 48% have a clear IT security policy in place for their staff, leaving most at the mercy of what employees decide to download or access online * As a result, perhaps not surprisingly, 1 in 4 have experienced a security breach * Most worryingly, 1 in 7 have no security software or systems in place at all AVG also asked small businesses whether they expect to see growth in the next five years - 61% of UK and 74% of US small businesses say that they do.

"Our research shows that the healthcare industry is struggling to protect sensitive medical information, putting patients at risk of medical identity fraud and costing hospitals and other healthcare services companies millions in annual breach-related costs," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute.  "At this point one would hope to see that healthcare organizations have improved information security practices and come into compliance with HITECH, now that it's been more than one year since it was enacted.  Instead we found enormous vulnerabilities.  The protection of patient data should be at the forefront of their efforts."

ey findings of the research: Data breaches are costing the healthcare system billions.  The total economic burden created by data breaches on the healthcare industry is nearly $6 billion annually.  The impact of a data breach over a two-year period is approximately $2 million per organization and the lifetime value of a lost patient is $107,580.  The average organization had 2.4 data breach incidents over the past two years.  Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.Healthcare organizations are not protecting patient data.  Organizations have little or no confidence in their ability to appropriately secure patient records (58 percent).  Healthcare organizations have inadequate resources (71 percent) and insufficient policies and procedures in place (69 percent) to prevent and quickly detect patient data loss.Protecting patient data is not a priority.  Seventy percent of hospitals stated that protecting patient data is not a top priority.  Patient billing (35 percent) and medical records (26 percent) are the most susceptible to data loss or theft.  A majority of organizations have less than two staff dedicated to data protection management (67 percent).HITECH has exposed the healthcare industry's lax data protection practices rather than improved the safety of patient records.  The majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.  The findings indicate that there is a significant number of data breaches that go undetected, and therefore unreported.

"We talk with healthcare compliance people dealing with data breach risks every day and they just can't get their arms around the problem of data exposure," said Rick Kam, president and co-founder of ID Experts.  "Unfortunately, in healthcare organizations, patient revenue trumps risk management."

Senior compliance officers at more than 100 leading U.S. companies responded to 28 questions in four key areas critical for the compliance function: leadership, reporting relationships and structure; compliance function scope, focus and risk; metrics to gauge program effectiveness; and budget, staffing and resources. A major finding of the study: One of the biggest obstacles facing Chief Compliance Officers (CCOs) is measuring the effectiveness of their compliance functions - almost 40 percent of the companies surveyed said they make no attempt to measure the effectiveness of their compliance program.

“An effective compliance program is the cornerstone of cooperation credit allowed under the U.S. Sentencing Guidelines and stakeholders are demanding much higher transparency in how compliance risk is effectively managed,” said Miles Everson, PwC principal and global and U.S. risk and compliance leader.

“Without a clear measure of the compliance department’s effectiveness, much else is in jeopardy. Lacking this,