As Americans become ever more engaged online, their concerns about the online availability of their personal information have shifted. The significant increase in high-profile cyber security breaches over the last twelve months is also driving organisational behaviour, with security now the number one spending priority for CIOs in 2015.
In fact, 75% of CIOs expect to increase security spending in 2015, up from only 59% in 2014. CIOs clearly have heightened concerns following the many security breaches that occurred in 2014, resulting in a major increase in planned security spending.
Furthermore, CIOs remain concerned about Cloud security, with 35% citing it as the primary reason for keeping data out of the Cloud, up from 31% in 2014.
Internet users have also become more worried. In 2014, 50% reported that they were concerned about the online availability of their personal information, as opposed to only 33% in 2009.
A Pew Research survey from 2014 shows that:
- 18% of Americans had personal details such as their credit card, bank account, or Social Security numbers stolen; while
- 21% had a personal online account compromised.
The Identity Theft Resource Center has reported that data breaches in the US were up 27.5% in 2014 over the year before.
President Obama’s proposal this month to introduce a Personal Data Notification and Protection Act in the US would enforce prompt reporting of all data breaches involving personal information. While 47 states in the US have laws requiring companies to notify consumers about personal data breaches, the different laws are not aligned, resulting in complexities when trying to inform consumers country-wide.
While well-funded hackers with sophisticated tools continue to cause concern for organisational leadership, American companies may find comfort in applying the principles of the international information security standard, ISO 27001.
ISO 27001 provides a framework for implementing processes, policies and systems to help the organisation adopt a robust approach towards information security risks. ISO 27001 requires an information security risk assessment that identifies risks, and requires the organisation to take action in order to treat these risks with a recommended set of controls.
vsRisk™ can help organisations save time, effort and expense when tackling risk assessments. Fully aligned with ISO 27001, vsRisk is fast, simple, flexible and adaptable, and trusted by leading risk practitioners as the ultimate information security risk assessment tool.
Visit Vigilantsoftware for more.