Close

Zero tolerance on data breaches is inevitable

June 12, 2014

By Bob Johnson, NAID CEO

I’ve been a bit preoccupied with the early signs of the consequences of data breaches entering a new era. As I have written, when (not if) those distant smoke signals become an accepted reality, data breaches will no longer be survivable. Though statistics show some organizations that have data breaches don’t survive, the emerging case law related to class actions by victims of such breaches will ultimately make them a virtual death sentence for all organizations.

This is especially scary if one buys into the argument that there is no defense from such breaches. As the thinking goes, due to the combination of careless employees and contractors and ingenious hackers, data breaches are unavoidable. How will any organization survive in a world where data breaches are both unpreventable and fatal?

While it is a scary thought, it just might also provide the key to the solution. There are many business sectors where the consequences of certain failures would be similarly fatal. Air travel, for instance, is one of the safest ways to travel because it has to be. If it weren’t, there would be no airline industry. As a result, commercial airline accidents are incredibly rare. Banks can’t randomly lose or misplace our money and stay in business. Doctors can’t ineptly kill patients and keep practicing.

I do not accept that data breaches are simply a reality of our times. The stakes are quickly rising to the point where they cannot be tolerated economically. By paying appropriate attention to employee training, vendor selection and monitoring, IT security systems, standards, and accreditation, an organization can meet the challenge, especially when the pain gets bad enough. It’ll be like data Darwinism; organizations that do not protect data will become extinct, and those that do protect it, will be left alive to prosper.