The recent eBay hack resulting in stolen information from 145 million users was the latest scare. Target's massive data breach in late December that leaked information on about 70 million customers is hard to forget.
These huge cyber attacks required a big response from the top firms in terms of security enhancements. BAE Systems Applied Intelligence surveyed senior IT officials from technology, finance, mining and other sectors worldwide and found that in the United States 60% of those polled would be boosting their cyber security budget. In Canada, 54% would do the same compared to 64% in Australia and 49% in Britain.
Some of the top Fortune 500 companies in the US have taken it up a notch by going on a hiring spree. According to a Reuters report, several are seeking highly-qualified cyber security experts trying to lure them with salaries in the $500,000 to $700,000 a year range.
Experts expect that the spending pattern will continue especially since threats are increasing and taking more of a financial toll. Security research firm Ponemon Institute said that the average cost of a data breach in the last year grew by 15% to $3.5 million. More troubling is that the chances of a company having a data breach involving 10,000 or more confidential records over a two-year period now sits at 22%.
As you might expect, insurance companies have found that businesses looking to protect themselves are considering cyber risk insurance to guard against financial loss from data breaches and attacks on their data networks. Insurers have added other elements to cover including privacy, crisis management, technology errors and omissions as well as media and intellectual property issues. In certain instances, some insurance companies will cover losses to a company’s customers in the event that their personal information or other data is compromised.
In addition, employees and consumers in general need to to be aware of potential risks and understand how to prevent them. Many companies are constantly urging and instructing their users, clients and employees to change passwords and adopt security features to protect data.
Of course, another positive to emerge is the design and development of better and more efficient technology. Tokenization is a good example. The process involves replacing sensitive data with a unique identifier that can’t be mathematically reversed. The technology would allow sensitive payment data to be converted into a 'token' and either stored or transmitted, thus taking the place of sensitive card data. The token if intercepted or stolen is of no value but it can still be converted into useful information by the issuing party, such as a bank or security firm.
Tokenization serves to remove credit card data from a company’s networks replacing it with a unique token, giving a cyber hacker nothing to steal. Merchants use only the token to retrieve, access, or maintain their customers’ credit card information, which will be stored in a secure offsite location.
The next key step is to develop a tokenization standard for securing credit and debit card payments made via mobile phones, tablets, and online channels. Also, tokenization will have to be tested and retested in the coming months to see how well it integrates with other automated payment systems. The possibilities are certainly encouraging.