Data Breach Denial: Few Firms Are Focused On The Threat

You may think that data breaches are a headache only for IT and the C-suite. But email marketing pros are stakeholders, too -- given that email addresses are often exposed and the brand harmed.

And the news is disquieting. First, there are the many state laws that attempt to regulate this area. According to Mintz Levin, only Alabama and South Dakota had no breach notification laws as of last September.

These measures vary in severity, but the trend is toward requiring rapid notification and prohibiting charges for services like credit freezes. An Oregon bill now on tap would forbid asking for payment information when providing monitoring services in the wake of a breach, according to the USA Network.

Granted, state laws could be outweighed by a federal bill that would exempt banks and reporting bureaus like Equifax from its provisions, according to an article in Forbes. But merchants, telecoms and some nonprofit groups would have to comply, Forbes says.



Be advised, however, that the EU’s General Data Protection Regulation provides no such exemptions.

Meanwhile, data breaches are on the rise. Last year, there were 1,300, compared with fewer than 200 in 2005, the Identity Theft Resource Center reports, according to MarketWatch.

The question arises: Is your firm taking cybersecurity seriously?

In a new poll of personnel by Ponemon Institute, sponsored by Raytheon, only 36% say their firms see cybersecurity as a strategic priority -- a slight improvement over 2015. And a paltry 32% add that their boards have been briefed on the strategy in the past 12 months.

Moreover, only 46% believe their cybersecurity strategy will improve, compared with 59% in 2015.

Yet 66% predict their firms will suffer a cyber exploit that will seriously diminish shareholder value. And the same percentage believes that the U.S. will adopt regulations that resemble GDPR.

Perhaps worse, 82% fear their firms will be hit with a breach resulting from an insecure Internet of Things device. And 80% say this event would be catastrophic.

The general unreadiness is reflected in several other studies. For instance, Hiscox reports that 73% fall into the cybersecurity novice category, and that only 11% qualify as experts.

In the Ponemon study, global laws such as GDPR are viewed as major future compliance burdens by 67%. As for what can help, 47% say technology, and 45% staffing.

The biggest problems, those that could cause a decline? For 53%, it’s lack of suitable technologies and/or inability to hire and retain expert staff. Only 19% list C-level indifference.

But there may be bigger issues — for example, 60% predict that nation-state attacks could lead to cyber war.

As for which technologies will help in the future, the big three are identity and access management (81%), threat intelligence feeds (73%) and artificial intelligence in cyber defense (71%).

Ponemon surveyed 1,100 senior IT professionals in the U.S., Europe, and the Middle East/North Africa region.

