Data breaches have become a common occurrence in our modern world. Unfortunately, many companies and individuals still don’t take data security seriously. While most people recognize that a data breach could lead to financial loss, the potential consequences go far beyond dollars and cents. Data breaches can affect real people, including friends, family, and loved ones.
As data becomes more critical in our lives, compromising it could potentially have life-threatening consequences. The Google Health team released a study a few years ago that showed how anonymised medical records could be de-anonymised and how a potential hacker might easily and instantly find and access all medical records of one individual. The study revealed how HHS data breaches could cause severe health consequences, including identity theft, financial fraud, and medical errors.
Data breaches can also affect brand reputation, sending the wrong message to potential customers. As an example, in 2018 Marriott suffered a data breach where hackers accessed personal information belonging to over 500 million customers. The aftermath has led to a perception among potential customers that Marriott does not take the security of customers’ data seriously, which has hurt the company’s brand.
The role of social responsibility in data security has become a fundamental factor of consideration in data security and IT safeguards. Companies need to embrace the social responsibility associated with securing data to make a fundamental change in how they approach cybersecurity. The consulting industry is good at putting things in context and helping identify what’s important to individuals or organisations. However, we need to shift the needle in a different direction, as bad outcomes should not be accepted as inevitable.
One of the main reasons why social responsibility is so important is the fact that we are becoming more data-dependent in our lives. Everything we do relies on data, from buying a Gucci handbag to our data in electronic health records. Data is infused into everything, from design, manufacturing, shipping, logistics, and marketing. If data isn’t secure, it can compromise the brand’s name, and customers may not know about it.
A particularly noteworthy area for social responsibility in data security is the medical sector. Medical data is highly personal and intimate, and if it’s compromised, it could bring harm to the person whose data has been compromised. For instance, if a person had her medical history exposed, this can lead to worse insurance rates, medical discrimination, and even social harm from “friends” or associates privy to this information.
Do The Right Thing(s)
As Brian Grant, Regional Director ANZ from Thales Cloud Security noted in a recent podcast on KBKast, data security has a social responsibility that goes beyond the financial benefits. There is a need to prioritise investing in cybersecurity simply because it’s the right thing to do. Grant argues that companies need to prioritise their security investment around the value of their data, instead of spending large amounts of money to secure devices that don’t catastrophically impact their business if they are compromised. Doing what is right for humanity should be the primary motivation for data security, according to Grant.
“We’ve got to take responsibility from a social perspective for doing this. The fines justify it. The fines actually allow you as a board to justify it. The reality is we’ve had to socially embrace the fact that data needs to be better secured. And once we do that, then we’re really home.“
Fines can help justify investing in data security, but social responsibility should be the primary motivation. The world is becoming more data dependent, and everything we love about the world today is data-dependent. This is why a data breach or a lack of cybersecurity could have devastating consequences. It’s a social responsibility that everyone needs to recognize, and they need to be willing to invest the time and money to secure it.
The issue of cybersecurity is tough because success is measured by nothing happening, which makes it hard to justify funding to the board of directors. Nonetheless, the focus should be on securing the data, as it only takes one mistake or exploit to compromise the entire system. As data becomes more critical in our lives, it is essential to prioritize it and invest in its protection.
Training and coaching people to be better at cybersecurity are important, but it’s not a complete solution. Research shows that roughly 50% of cyber incidents are caused by human error. Effective data security is easy but requires action to be taken. CEOs and executives should be educated on effective data security measures, and organisations should prioritize their investments around cybersecurity based on the value of their data.
Social responsibility is a crucial factor to consider when it comes to data security. Companies and individuals need to remember that data breaches are more than just financial loss, and act accordingly. The world is becoming more data-dependent, which is great in so many ways, but also brings a potential risk to us all. By investing in data security, companies can protect themselves from devastating consequences while doing the right thing for humanity.