Consumer data breaches seem to have become a regular occurrence among enterprise companies. 1to1 Media Editor-in-Chief Mila D'Antonio recently wrote about how 80 million customer records at health insurer Anthem were exposed. While it's encouraging that The White House has drafted a Consumer Privacy Bill of Rights, critics argue that the bill doesn't go far enough in protecting consumer privacy. Clearly, there's still a lot of work that needs to be done to protect customer data. This includes setting aside adequate corporate budgets to fund these efforts.Fifteen years ago when the role of Chief Information Security Officers (CISOs) first came into vogue, many CISOs and their teams lacked budgets to invest in security-related technologies and initiatives such as firewalls, intrusion prevention and detection software, VPNs, anti-virus software, etc. So while security chiefs had lofty titles, they didn't have any actual budget authority. This raised a lot of questions and concern about how effective they and their teams could actually be in their roles.
Although CISOs have since achieved budget responsibility and cybersecurity budgets had been growing year over year, spending has since flattened out, according to EY's Global Information Security Survey 2014. Forty-three percent of the 1,825 respondents to the survey say that their organization's total information security budgets will remain flat over the next 12 months while 5 percent say security spending will shrink.
While cybersecurity spending is a critical component to protecting consumer data, it's not the only challenge that organizations face. Fifty-three percent of the EY survey respondents say a lack of skilled staff is one of the main challenges that threatens their security postures. Meanwhile, companies also lack the agility to mitigate known vulnerabilities and are deficient in analytical intelligence and dedicated analysts to detect and anticipate security threats.
Customers expect companies they do business with to protect their information. Organizations that are victims of cyber attacks where customer data is exposed can see customer trust crumble. As cyber criminals continue to become more sophisticated, companies need to step up their efforts to guard customer data and other sensitive information.