Overlooking Data Security

In a new article, Richard Levick, Esq., a crisis and public affairs communications specialist, wonders out loud if the data security debacle suffered by Sony Online Entertainment services could have been managed more effectively. 

Sony's crisis of confidence may reflect issues that are pervasive throughout many corporate cultures. Levick cites 2010 Carnegie Mellon University survey of corporate directors and executives that reveals “a stunning disconnect between consumers who are increasingly concerned about data breaches and the boards that are ultimately responsible for preventing them.” 

The survey found none of the boards in the survey places data security among its top three priorities. Only 6% reported that their boards had an IT or data security committee.

This disconnect between management and in-the-trenches IT requirements is a challenge even the best technologies can't fix. There are very effective security features available in today's database products, along with data encryption and de-identification solutions. Security technology is great, but there is a lack of management will to underwrite security efforts.

Often, data breaches are unavoidable, but a well-prepared and well-trained corporate culture can be an effective line of defense. Levick cites the example of the data breach at Heartland Payment Systems, in which the company's management moved quickly to notify customers in an “unprecedented communications effort that not only protected consumer relationships, but also made each subsequent step in the recovery process all the more credible. As a result, crisis was transformed into an opportunity as Heartland worked with competitors and drove industry-wide reforms that secured its leadership position in the ongoing battle against cybercrime.”

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology. 

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at joe@mckendrickresearch.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.