Organizations only protect 60% of their business ecosystem, Accenture finds – CIO Dive

Dive Brief:

Data privacy regulators consider the health of business cybersecurity programs when calculating fines. Companies face fines even if they have extensive cyber hygiene.

Regulators also consider how long it takes companies to recover when calculating fines. More than half of leaders experienced a breach for more than 24 hours, whereas 97% of non-leaders said the same, according to Accenture.

Any lag time in remediation deepens a company's chance of fines under the General Data Protection Regulation or the California Consumer Privacy Act. While GDPR went into effect in 2018, most of its penalties are still in the "intent to fine" stage, leaving room for companies to negotiate with regulators.

Early detection is a company's best defense from a breach. However, less than one-fourth of non-leaders are able to detect a breach within a day, compared to 88% of leaders, according to Accenture.

Samantha Schwartz/CIO Dive, data from Accenture

Data lives in motion, flowing between business partners and security systems. Bad actors find holes in data aggregators, brokers, contractors, or other service providers that sit between customers and the companies they do business with.

Quest Diagnostics and LabCorp's data breach was caused by a weak link in their business ecosystem: their billing collector. The billing company was compromised for eight months and left the two companies answering to Congress. The companies' third-party risk management was in question; their internal security programs were not.

Only 15% of organizations have some degree of confidence in how they mitigate supply chain threats, according to Microsoft. Whitelisting, a mechanism for approving connections, is a solution for assessing third parties. With whitelisting, transactions are denied by default.
