Impending breach notification laws highlight importance of security awareness

The stakes surrounding cybersecurity aren’t just increasing – they are expanding.

For years now, business leaders have understood that data breaches are a serious issue, one which firms must do everything in their power to avoid. After all, these incidents can lead directly to the loss of intellectual property, which in turn makes a company less able to compete in its given sector. At the same time, a data breach will often draw attention to data security compliance violations, resulting in hefty fines and other sanctions from regulatory government bodies.

But that’s not all. Just as important, or even more significant, is the reputation damage that a data breach will cause. And new data breach notification proposals from President Obama and other political leaders will only exacerbate the impact of these incidents. This will make heightened security awareness essential for companies in every industry going forward.

Notifications needed
President Obama issued his proposal during a speech to the Federal Trade Commission earlier this month. Specifically, the president called for a new national data breach notification law that would require companies to notify victims of a data breach within 30 days of the incident.

As PC World noted, this is not a new proposal – Obama has supported a national data breach notification law for several years. However, a number of recent high-profile data breaches, including the now-infamous leak of Sony Entertainment emails and other information, suggest that such legislation has a much better chance of becoming a reality now than before.

Currently, most states have their own data breach notification laws on the books. Yet these laws have little to no consistency among them, varying in terms of the deadlines for alerting victims and more.

“It’s confusing for consumers and it’s confusing for companies – and it’s costly, too, to have to comply to this patchwork of laws,” said Obama. “Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late.”

The real cost of data breaches
While all of these proposals are framed in terms of consumer protection, it is business leaders who need to take notice. If these new notification requirements take effect, the cost of experiencing a data breach will increase exponentially.

This is because, as countless corporate executives and owners are coming to realize, data breaches are most damaging in regard to the organization’s reputation. Consumers understand the need to protect themselves from the threat of identity theft and fraud, and one of the best steps for remaining safe is to avoid patronizing companies that have failed to protect their customers’ data in the past.

Furthermore, the media pays a great deal of attention to data breaches. This means that any company that experiences such an incident and is forced to comply with notification regulations will inevitably receive a large amount of negative publicity.

All of this goes to show that companies need to increase their data breach prevention efforts, and that means investing in cybersecurity. More specifically, firms should look to increase their information security awareness training and measurement tools for employees. Contrary to popular belief, the majority of data breaches originate internally, not externally. While companies need to take steps to ward off hackers, the bigger threat is employee negligence and missteps, from choosing weak passwords to opening emails containing malware. By better informing staff of these threats and how to follow best practices, organizations will drastically reduce the risk that they will ever need to worry about complying with new data breach notification laws.