What happens when the CEO of a mid-size pharmaceutical company asks their Vice President of IT, “What are we doing to ensure our vendors are protecting us?” I get a call. More and more CEOs and senior managers in small to mid-size companies FINALLY realize the importance of third-party vendor risk management. Kudos to Shared Assessments and Protiviti for just releasing The 2014 Vendor Risk Management Benchmark Study. Visit link for entire survey report.
According to an IBM-commissioned survey from the Ponemon Institute, the average total cost of a data breach has increased 15 percent in the last year to $3.5 million. According to X-Force, IBM’s global team of security analysts, more than half a billion (with a B) records of personally identifiable information were compromised last year. Use this in your next briefing to the board or senior management.
Today, more than ever, we understand that CISOs and CSOs have a high-risk job, with an average tenure between 2.1 and 4 years depending on the authoritative source. The “target” continues to move on the CISO’s and CSO’s back, but there are a couple of ways to extend your employment in your current position or your next position by negotiating your success up front.
The Retail Cyber Intelligence Sharing Center was announced yesterday, May 14th, which I believe is a very positive move for the retail industry. Two of the largest retailers have listed data security breach as a new risk in their annual reports, and I am sure more will follow this coming year. This new Retail Cyber Intelligence Sharing Center is moving the pendulum from reactive to proactive, and it will continue to swing as long as everyone plays nice in the sandbox and shares meaningful information.
Why is Dr. Ron Ross from NIST saying the following? “We need to have the same confidence in the trustworthiness of our IT products and systems that we have in the bridges we drive across or the airplanes we fly in.” Because the National Institute of Standards and Technology is developing a set of standards that would help developers build security into critical systems “from the ground up.”