Data Protection February 12, 2019
By Sue Poremba 3 min read

When developing a security plan, most organizations turn their focus internally to protect business interests. That used to work because most people didn’t give cybersecurity a second thought — that is, until their personally identifiable information (PII) was affected. But that isn’t the case anymore.

With the increase in very large, high-profile data breaches and regulations such as the General Data Protection Regulation (GDPR), consumers now care about security and data privacy, and they want to make sure the companies they do business with are taking action to protect customers’ PII. According to a study from The Harris Poll and Dtex, Americans are demanding organizations do a better job at cybersecurity and protecting personal data. The challenge for organizations is to enact security policies and systems that meet enterprise objectives while also addressing consumer privacy concerns.

Digital Monitoring Is the Primary Concern

The security and data privacy issue that concerns Americans most is digital monitoring. The majority of consumers don’t mind that their PII is being digitally monitored — they understand this helps organizations streamline business operations — but they want transparency. In other words, they want to know what information is being used and why.

It isn’t just consumers that demand this transparency. More than three-quarters (77 percent) of those surveyed in the Harris Poll/Dtex report said they want their employers to be transparent about how employee information is monitored. Transparency is such an important issue that the vast majority of Americans (71 percent) would turn down an employment opportunity if the prospective employer was not upfront about digital monitoring.

Consumers and employees understand that monitoring of digital identities is often done in the name of improved cybersecurity — that this will protect them in the long run — and the security angle plays a role in their perception. But it stops with the workplace; consumers don’t want a Big Brother monitoring their personal devices, even when they are used in a business setting. They also worry about the amount of digital monitoring that occurs in social media, banking, government and even retail. Again, they don’t like being watched, but recognize that this will help organizations provide better security.

Still, most people don’t believe they can do anything about it. According to an ExpressVPN study, 89 percent of Americans think they should have some control over how companies, especially the big tech companies, share the PII they gather, but barely half (52 percent) believe that will happen in 2019. Even with the spotlight shining brightly on security and privacy, Americans simply don’t trust organizations to keep their personal data safe. Cybersecurity of personal data is taken out of their hands once they share the information. According to Harold Li, vice president of ExpressVPN, it shouldn’t be that way.

“Privacy is a fundamental right, and internet users should be in control of their personal data and how it should be used,” he asserted.

Develop a Security Plan That Works for Everyone

We know what consumers want when it comes to the protection of their digital identity. Now it is up to every organization to find a way to develop a security plan and put together a cybersecurity system that addresses consumer concerns while providing optimal business operations.

This begins with understanding why and how consumers’ PII is used for business, which requires internal security leadership to meet with other business units to understand how each uses and stores consumer and employee data. Marketing will use this information differently than human resources and accounting, for example, and providing the right security and data privacy solution can’t be a one-size-fits-all approach if data protection and transparency is the goal.

The growing number of privacy laws will also impact any security policy, and leadership has to go beyond the regulations already in effect. Security and privacy systems have to address more than just the GDPR and the California Consumer Privacy Act (CCPA), or newer laws in Colorado and Illinois. Instead, leadership must anticipate what is coming, possibly from a federal level, and recognize that how they handle privacy concerns today isn’t going to meet next year’s demands.

Security policy that deals with data privacy also needs to address the concerns of consumers. As Americans become more savvy about cybersecurity, they will expect organizations to put greater emphasis on protecting PII and to offer more transparency around digital identity monitoring. If your organization isn’t willing to meet consumer expectations, they will take their business to a company that will.

Finally, no organization can improve its security and privacy policies without improving internal behavior. More emphasis needs to be placed on data privacy training and transparency. Just as employees should receive education on how to identify a phishing email or avoid downloading malware, they should also be well-versed on what constitutes a violation of data privacy.

Consumers are more aware than ever about cybersecurity and its risks. They understand that they willingly turn over a lot of personal information, and now they want organizations to step up efforts to protect that data’s privacy. The onus to meet the challenge of consumers’ security and privacy expectations is on the enterprise. Developing a security plan around consumer concerns is a good first step.

 |  |  |  |  |  |  |  | 
Sue Poremba

More from Data Protection
September 13, 2023

Cost of a data breach 2023: Pharmaceutical industry impacts

3 min read - Data breaches are both commonplace and costly in the medical industry.  Two industry verticals that fall under the medical umbrella — healthcare and pharmaceuticals — sit at the top of the list of the highest average cost of a data breach, according to IBM’s Cost of a Data Breach Report 2023. The health industry’s place at the top spot of most costly data breaches is probably not a surprise. With its sensitive and valuable data assets, it is one of…

August 30, 2023

Cost of a data breach 2023: Financial industry impacts

3 min read - According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, 15% more than in 2020. In response, 51% of organizations plan to increase cybersecurity spending this year. For the financial industry, however, global statistics don’t tell the whole story. Finance firms lose approximately $5.9 million per data breach, 28% higher than the global average. In addition, evolving regulatory concerns play a role in how financial companies…

August 28, 2023

Advanced analytics can help detect insider threats rapidly

2 min read - While external cyber threats capture headlines, the rise of insider threats from within an organization is a growing concern. In 2023, the average cost of a data breach caused by an insider reached $4.90 million, 9.6% higher than the global average data breach cost of $4.45 million. To effectively combat this danger, integrating advanced analytics into data security software has become a critical and proactive defense strategy. Understanding insider threats Insider threats come from users who abuse authorized access to…

August 22, 2023

One simple way to cut ransomware recovery costs in half

4 min read - Whichever way you look at the data, it is considerably cheaper to use backups to recover from a ransomware attack than to pay the ransom. The median recovery cost for those that use backups is half the cost incurred by those that paid the ransom, according to a recent study. Similarly, the mean recovery cost is almost $1 million lower for those that used backups. Despite this fact, the use of backups is actually falling. This was one of the…

© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature