Data Breach Law Notification Infographic-FINAL.…

Data Breach Notification Law

Cyber threat facing the US

The last 14 months saw the compromise of more personal records than there are US citizens. 348.16 million US records compromised in 2014. A Gallup poll found hacking was the top crime Americans worry about, above murder, assault, and terrorism. [1]

Obama’s Personal Data Notification and Protection Act

...If we don’t act, we’ll leave our nation and our economy vulnerable...

... we’re introducing new legislation to create a single, strong national standard so Americans know when their information has been stolen or misused...

...Will require American companies to notify affected individuals within 30 days of their personal information being lost in online breaches...

...The Department of Justice could enforce up to 10 years in prison if you are found in breach of the law...

How do you feel about Obama’s proposed legislation?

I strongly agree with the proposal
I agree with the proposal
I neither agree nor disagree with the proposal
I disagree with the proposal
I strongly disagree with the proposal

Greatest challenge for companies:

Increased cost
Not enough human resources
Systems not designed for this
Concern over corporate reputation
Other

17% 14% 17% 40% 12%

“Although the US is taking steps in the right direction in creating a single, national law to combat the problem, individual enterprises have a duty to protect themselves and their customers now.”

Get cyber secure before it’s too late

IT Governance’s fixed-price ISO27001 packaged solutions enable organizations of all sizes, sectors, and locations to implement ISO27001 easily and cost-effectively.

Find out which ISO 27001 solution is right for you »

The Basics
Do It Yourself
Get A Little Help
Get A Lot Of Help
We Do It For You

5% 7% 18% 34% 36%

Do you expect a cyber attack to strike your organization in 2015? Yes 54%

Do you think cyber attacks are among the three biggest threats facing organizations today? Yes 88%

Is your organization prepared for a sophisticated cyber attack? No, Unsure: 29%, 28%

Cybersecurity skills shortage

... 41% expect difficulties finding skilled candidates because...

...90% believe there is a shortage of skilled cybersecurity professionals.

58% plan to increase cybersecurity awareness training for staff

209,000 unfilled positions... ...74% upon last five years. in 2015.

Alan Calder, Founder and Executive Chairman of IT Governance

2014’s many high-profile information security incidents are estimated to be up 27.5% on 2013.

Need for a common law

The US is currently protected by a patchwork of 47 state data breach notification laws.

No legislation: Alabama, New Mexico, South Dakota

ISO 27001 is the ONLY international cybersecurity standard that can help organizations PROTECT, COMPLY, and THRIVE.

US organizations are recognizing ISO27001 as the international standard for information security.

Number of ISO27001 certificates in the US:

Year   Certificates
2007   94
2008   168
2009   252
2010   247
2011   315
2012   415
2013   566

The Standard provides an information security management framework and registration scheme that helps organizations win international business and strengthen their supply chain assurance. [8]

A data breach can happen to any organization at any time, but having robust cybersecurity measures in place limits its likelihood and mitigates repercussions considerably.

Sources:

1. ITRC Data Breach Report 2014 - Identity Theft Research Center, December 2014
2. 348 million US records compromised in worst year of data breaches - IT Governance USA Blog, January 2015
3. Will Obama finally change cybersecurity in America? - www.cnet.com
4. 2015 Global Cybersecurity Status Report - US Data - ISACA, January 2015
5. With more than 200,000 unfilled jobs, colleges push cybersecurity - www.pbs.org
6. President Obama calls for federal data breach notification legislation as US military accounts are hacked - IT Governance USA Blog, January 2015
7. Obama's Computer Security Solution is a Mishmash of Old, Outdated Policy Solutions - www.eff.org
8. The ISO Survey of Management System Standard Certifications – 2013

IT Governance Ltd
Unit 3, Clive Court
Bartholomew's Walk
Cambridgeshire Business Park
Ely, Cambs CB7 4EA
United Kingdom
www.itgovernanceusa.com
© IT Governance Ltd
