You Must Make Data Privacy Part of Your Company’s Cultural DNA. Here’s Where to Start.
Companies that fail to incorporate data privacy into their culture face many potential security risks--including an average of $9.23 million to recover from a single data breach.
In today's world, it's all about the data--cybercriminals want it, businesses have it--which makes it imperative for organizations to grasp the importance of data privacy and why it must be a strategic priority for their businesses.
However, the truth is that data privacy needs to go far beyond tools, technologies, and awareness-building--it needs to become part of a company's cultural DNA, woven into the very fabric of the business and its workforce. To effect change, a company's employees, from top to bottom, must become great stewards of data or face the consequences.
The recent onslaught of ransomware, data breaches, and a vast array of sophisticated cyberattacks is keeping businesses from realizing the full potential of their data to drive business value. In fact, during the first half of 2021, ransomware incidents grew 288 percent. Major attacks, such as that against Colonial Pipeline, have caused disruptions that were felt across the nation.
The chances of a business making its way into the next cyberattack headline are far too high, and a data breach can lead to serious reputational and financial impact. In the healthcare industry alone, it's estimated to cost an average of $1.3 million for an organization to recover from a ransomware incident, and an average of $9.23 million to recover from a single data breach. If that weren't enough, a recent report shows 80 percent of organizations that pay a ransom demand experience a second ransomware attack, often carried out by the same threat actor group.
Companies that fail to incorporate data privacy into their company culture face many potential effects as a result of a data breach, including legal ramifications, regulatory fines, reputational damage, loss of intellectual property and sensitive data, and more. As new data privacy regulations, such as GDPR and CCPA, are enacted, organizations around the globe will begin to face increased scrutiny and the potential for regulatory fines, regardless of whether the data breach was intentional or unintentional.
Similarly, failure to implement data privacy initiatives can also present missed opportunities, such as impeding innovation and limiting an organization's ability to tap into artificial intelligence and machine learning. Without having data privacy built into these systems, organizations could risk falling behind the competition.
Research from Cisco's Data Privacy Benchmark Study shows that 70 percent of organizations see significant business benefits, such as operational efficiency, agility, and innovation, by prioritizing data privacy. While it's true that data privacy is vital throughout an organization, there are several core teams that stand to benefit the most from an increased focus on privacy, including sales, marketing, customer success, and product teams. For example, if a company's goal is to create a bespoke experience for customers, these teams could collaborate to securely leverage sensitive data and deliver more personalized customer experiences, all while maintaining compliance with strict data privacy regulations.
Many HR teams today could also benefit from an increased emphasis on data privacy, since securing sensitive employee data is just as important as securing customer data. In the event of a data breach, sensitive employee information such as Social Security numbers, driver's licenses, salaries, and health profiles can be at risk too.
To ensure that data privacy is built into a company's cultural DNA, there must be a strong level of execution and support from the top down. Key stakeholders like HR professionals, the C-Suite, the board of directors, and IT leadership have the responsibility to uphold data privacy across the organization. However, it's not only up to these specific stakeholders. It includes all employees from all levels.
For companies looking to weave in data privacy as part of their cultural DNA, consider these suggestions:
Data privacy: Say it loud, say it often.
There is great value in vocalizing the importance of data privacy. This applies to both internal teams and external organizations, including customers, prospects, and partners. When it comes to making data privacy a part of any company's cultural DNA, the importance of "saying it loud and saying it often" should not be overlooked.
Adopt an inside-out approach.
Flip around the company's mentality when it comes to cyber investments. Instead of adopting an outside-in approach, go inside-out. Start with securing your business at the data level first. Once data has been properly protected, move on to the next most critical defenses, such as application security, network security, and endpoint protection.
Implement a zero-trust strategy.
Today, with an estimated seven out of 10 workers operating remotely, a zero-trust strategy (a security framework that maintains that no user or device should be trusted by default) is critical.
We also see this at the highest level of government with the current administration developing an infrastructure built on a zero-trust model. Within the technology sector, we are seeing recognizable companies like Amazon, Google, IBM, and Microsoft invest billions of dollars over the next few years to expand zero-trust programs and increase employee training to integrate security into their organizations, by design.
Don't underestimate the power of training.
Consider methods of security awareness training, such as mock phishing simulations, so that employees know how to handle deceptive, or even malicious, emails. With training, the number of employees that engage in careless clicking falls significantly, depending on the length of security training.
In addition to phishing training, companies should also provide comprehensive data privacy training, so that employees, at all levels, are aware of how to properly manage and use data without compromising the business. Training employees about data privacy brings a human element to an otherwise software and technology-focused process. Combined, it's the human intuition, intentional process, and powerful technology that bring success to any organization.
While investing in security technologies and services is one part of the equation, companies must not overlook the importance of creating a workplace culture that prioritizes data privacy throughout all facets of the business.
This article was written by Rick Farnell from Inc. and was legally licensed through the Industry Dive publisher network. Please direct all licensing questions to legal@industrydive.com.