As a financial executive, CEO or a board member of a public company, you are responsible for identifying and managing financial risks to your organization and ensuring regulatory compliance. You have your financial statements audited each year, and you certify compliance with regulations such as HIPAA, Sarbanes-Oxley, PCA, Graham-Leach-Bliley and the like. But it is likely that you don’t have the full picture of your risks and exposure to a data breach.
Heartland Payment Systems, a major payment processor, recently experienced what is likely to be the largest data breach in history. As reported by CBS:
If the market meltdown, housing and bank crises weren't enough, U.S. consumers can now add the potential of massive credit and debit card fraud to the list of financial concerns. A major processor of credit card transactions just disclosed its system had been hacked, putting millions of consumers at risk, reports CBS News chief investigative correspondent Armen Keteyian.
If you read Heartland’s annual report, however, you find that they had made substantial investments in data security technology and regulatory compliance, as well as compliance with rigorous PCI standards. Despite these investments, they didn’t prevent a data breach from occurring.
Compliance and data security have not proven effective in preventing data breach incidents because breach prevention requires a different approach to assessing and mitigating risks. For instance, almost 50% of data breaches are caused by human failure*Source: 2008 Global State of Information Security Study, PriceWaterhouseCoopers. -- a laptop containing personal customer or employee information left in a rental car, or a backup tape lost in transit with veterans’ personal and health information. And even if your company’s security practices are above average, 45% of data breaches*Source: 2008 Annual Study: Cost of a Data Breach, Ponemon Institute, LLC. are caused by outsourced data providers rather than security incidents within an organization’s own data centers.
As a result, investments in traditional data security and regulatory compliance are not enough to protect against data breach. ID Experts helps you fill this gap. We offer CIPPCertified Information Privacy Professional-certified professionals, comprehensive knowledge of federal, state, and industry privacy and breach regulations, and international best practices for breach prevention and remediation developed based on AICPAAmerican Institute of Certified Public Accountants-standard frameworks. Our knowledge and our experience working with major companies and organizations through hundreds of data breach incidents offer the edge you need to fully identify and manage the business risks, mitigate the impact, and minimize the short and long-term costs of data breach.