Businesses today are increasingly aware of information security risks, and it’s easy to see why. It seems that every week there’s another news story of a high-profile security breach and no business wants to be next on that list.
The risks of a security breach are clear: the exposure of personal information for countless customers puts those individuals at risk, while potentially damaging the company’s reputation in the public’s eye.
Penalties are also becoming more severe. The stiffest financial penalty under Europe’s upcoming General Data Protection Regulation (GDPR) is a fine of up to 4 percent of a company’s total worldwide revenue. Given that reality, risk management and regulatory compliance are, more than ever, a crucial focus area for enterprise security.
David Hayes, an auditor at the U.S. Government Accountability Office, will be one of four panelists discussing that exact topic – The Four Corners of Enterprise Security – in a Tuesday keynote session at SHARE Providence.
In his talk, David will recognize some of the approaches that allow successful organizations to achieve compliance in information security. He’ll be joined by Stu Henderson of Henderson Consulting, Simon Dodge of Wells Fargo and Buzz Woeckener of Nationwide Insurance. Each will provide tips and insights on, respectively, the organizational roles impacted by security, proactive security activities businesses can take and emerging security threats.
In anticipation of his talk, we asked David to share his thoughts on the role of compliance in organizational security.
The Impact on Businesses
Taking security seriously offers additional benefits beyond simply keeping companies out of trouble.
In its Global State of Information Security Report, PwC found that investing in strong cybersecurity practices will foster business growth and technology innovation. In fact, 59 percent of respondents say that they spend more on cybersecurity as part of broader digitalization initiatives that are also tied to product development and revenue opportunities.
As one component of security, compliance adherence can help all companies stay competitive, David said. But they need to focus on the right activities.
“A major risk is the expenditure of resources, money and the time of valuable staff on compliance efforts that don’t efficiently advance the organization’s control posture or improve risk management,” David said.
A Culture of Compliance
A wide range of solutions can ease the burden of compliance by making security and risk management processes run faster and more efficiently. But technology is not the most important ingredient of adherence.
“The core component of enterprise security and risk management needs to be the organization’s control objectives and its strategy for achieving them, which is clearly communicated to everyone involved and embedded in the corporate culture,” David said. “Only knowledgeable, qualified and committed people make those efforts succeed.”
That success is contingent on establishing a culture of compliance, one in which there’s no question as to how IT staff members factor into their corporation’s overall strategy.
“Everyone in the information systems business needs to clearly understand where they fit into their organization’s enterprise security and risk management processes,” he said.
Join David Hayes, Stu Henderson, Simon Dodge and Buzz Woeckener for a TED-talk style keynote on the most important qualities of enterprise security. Register for SHARE Providence to attend “The Four Corners of Enterprise Security,” Tuesday August 8 at 8 a.m. ET.