It’s fitting that National Cyber Security Awareness Month concludes with Halloween, because the current numbers regarding data breaches and cyber crime can be downright scary. According to the Ponemon Institute’s 2016 Data Breach Preparedness Study:
- More than 878 million records have been compromised by data breach activity since 2005.
- The average total cost of a data breach rose from $3.74 to $4 million in 2016.
- In the last year, per capita costs have risen from $154 to $158 per lost or stolen record.
- As of August 30, there have already been 638 recorded data breaches with more than 28 million exposed records in 2016.
In its 2015 Data Breach Report, Verizon noted that 2014 was the year the term “data breach” went mainstream with average people. In fact, Verizon noted, the New York Times ran more than 700 articles on data breaches last year (by contrast, Taylor Swift got only 400 articles).
Clearly, awareness is building, and that’s a good thing because informed consumers and vigilant companies can do a lot to block cyber crime. With general awareness on the rise, Cyber Security Awareness Month is the perfect time for you to reassess what your company is doing to protect your organization and your customers, how well you’re training employees to combat cybercrime, and your level of preparedness to respond when a breach does occur.
This year, Cyber Security Awareness Month happens to coincide with the one-year anniversary of major liability shift for payments fraud. Payment networks have moved toward the more secure EMV chip technology to help deter fraud. As of last October 1, businesses that weren’t equipped to accept and process chip-enabled credit and debit cards became financially liable if a fake, lost or stolen card were used in a transaction with their business.
The post-launch spread of EMV technology isn’t the only good news to report since last Cyber Security Awareness Month. A number of new laws were introduced that aim to improve cyber security for businesses and consumers. According to the ISACA’s website, recent bills were been introduced to:
- Facilitate sharing of some cyber threat intelligence and information between the intelligence community and cybersecurity organizations.
- Specifically protect the personal information of children.
- Establish a national standard for data breach notifications.
- Require notification for information security breaches.
- Provide for harsher penalties for those convicted of cybercrimes.
It’s important for companies to be aware of the big picture in the fight against cybercrime, and how their own efforts can enhance cyber security for everyone. Cyber security is everyone’s responsibility, so make October your month to focus on security within your own organization.
The Department of Homeland Security, which sponsors National Cyber Security Awareness Month, has designated a different theme for each week of the month. The first week continues the message of the Stop. Think. Connect campaign, and focuses on how everyone can stay safer online day-to-day. The second week, Oct. 10‒14, focuses on eliminating cyber security risks for employees of all levels. In the week of Oct. 17‒21, communities will learn how to recognize and defend against emerging forms of cyber crime. The fourth week emphasizes the importance of security and protection in an increasingly app-centric digital environment. Finally, in the last week of the month, Oct. 31, the focus is on building resilience in critical infrastructure that must continually weather attacks and shield against other predatory activity.
To learn more about National Cyber Security Awareness Month and for ideas on how your business can participate, visit www.dhs.gov/national-cyber-security-awareness-month.
Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.