Security Liability in an ‘Assume Breach’ World

The F5 Labs report, Lessons Learned from a Decade of Data Breaches, reveals that the average breach leaked 35 million records. Nearly 90% of the US population’s social security numbers have been leaked to cybercriminals. When confronted by staggering statistics like these, it is prudent to assume it’s a matter of “when, not if” your systems will be hacked. The safest stance is to operate in an “assume breach” mode. This means anticipating that most of the systems and devices you use on a day-to-day basis, from IoT devices in homes to web servers supporting applications, are susceptible to attack.

At the heart of this, CISOs are so worried about the impacts of a breach that 81% of them either won’t report a breach or would only report a material breach. Depending on the size of the company and its materiality threshold, that could mean very significant breaches go unreported. So why are CISOs reluctant to report a breach? It seems that every high-profile breach means those in charge of cybersecurity are fired. Compounding this problem is the fact that cybersecurity is a complicated field with many facets and sub-disciplines.

Read why cybersecurity today is not just an IT issue but also a product quality issue, a customer service issue, an operational issue, and an executive issue, on DarkReading.
