South Africa slow to realize “Data Security is a boardroom issue”

“When it comes to a data breach or loss of some kind it’s not if, but when,” says Ilze Dewing, Business Development Director at Endpoint Data Backup and Recovery solutions specialists, Cibecs.

“Recommendations in South Africa’s King III report, stipulations in our Companies Act and new incoming legislation such as the Protection of Personal Information Bill (PPI) and the Protection of State Information Bill, places responsibility for the security of sensitive data at the feet of an organization’s board. Neglect to do so can, and will, have a negative impact on individual board members and their organizations alike.”

Statistics tell an (alarming) story

Research conducted by Cibecs and IDG Connect in the 2012 Data Loss Survey indicate that, by and large, South African organizations have an alarmingly blasé attitude towards the security of their business critical data, with nearly 50% of respondents still relying on users to take responsibility for company data.

It comes as no surprise then that, of the companies that rely on their users for the security of organizational data, 94% have experienced data-related problems as users fail to comply with their company’s data backup policy.

“The problem is one of buy-in from board members into the critical need to secure company data,” says Dewing. “The 2011 State of the Endpoint Survey (conducted by the Ponemon Institute) revealed that nearly 50% of IT Technology decision makers couldn’t solve their security problems because, they felt, they had no buy-in from their CEO and CFO.”

A paradigm shift required

This situation will have to change, and rapidly so, if companies are to avoid hefty penalties and the other costs related to data loss or data security breaches.

In addition, a recent Deloitte & Touche survey revealed that few South African companies have achieved compliance – and that only 50% of the companies surveyed had commenced any steps towards compliance.

“Even more worrying is the large percentage of companies that do not even understand the impact of the law and the compliance requirements,” says Dean Chivers, a director in Deloitte & Touche’s legal department. “Any medium or large entity, which has not commenced compliance activities by the end of this year, is very unlikely to comply timeously.”

Recognize and Minimize Risk at boardroom level

Considering the kind of data that is at risk and the negative impact the loss of that data will have on a business or enterprise, the situation is nothing short of alarming.

“Consider for a second the kind of data that drives businesses and organizations, “says Dewing. “Everything an organization is built on is at risk and it’s the board’s fiduciary duty to make sure that that risk is minimized – and that mechanisms exist to recover swiftly should defenses be breached.”

 

FEATURED POSTS
IT Managers: How to Protect Your Users Against Ransomware

The best way to protect yourself, your users and your business against ransomware is by setting up a proactive defence. The ransomware statistics paint a frightening picture for anyone in charge of IT: In Q3 2016 alone, 18 million new malware samples were captured. Source: Panda Labs   What that means is that the criminals…

Cibecs Joins Silicon Valley Top 20

Cibecs Joins Silicon Valley Companies to be Listed on Top 20 Most Promising Storage Solution Providers of 2016 Cibecs, a leading South African endpoint backup, protection and security solution, has been recognised as one of the 20 Most Promising Storage Solutions of 2016 by CIO Review. The list, compiled by industry insiders, highlights leading global…

4 Signs You Need a New Endpoint Data Backup Solution

With more workers depending on laptops it is more important than ever to ensure that the work protected and stored on those devices is backed up and protected. Forrester Research says that 45% of corporate executives don’t follow policies for data use and handling. Underlining how at risk almost half of a business’s data actually…

Discover how easy endpoint data protection can be