Employees are a major access point for cyber attackers. Companies need to make sure their employees are part of their cyber plan to build resiliency.
As consumers become more aware of the power of their data, the pressure is on companies to have a robust data privacy strategy to build and retain trust with their customers. All companies are potential targets for data breaches. Hackers don’t care about your industry, revenue size or number of employees. They only care about the data you have and will stop at nothing to get their hands on it.
What regulations do you need to comply with?
Regulators and governing bodies are playing catch-up to protect consumers and their data at home and abroad:
- All Canadian companies must notify the Office of the Privacy Commissioner of data breaches and affected individuals when the event represents a real risk of significant harm to affected individuals.
- Expected Canadian amendments to privacy regulation, including the Personal Information and Electronic Documents Act to give more power to consumers on how companies use their personal information.
- The General Data Protection Regulation (GDPR) in Europe allows individuals to object to companies using their personal information for sales or non-marketing related purposes and forces companies to comply with data privacy measures.
- California’s Consumer Privacy Act (CCPA) gives consumer rights relating to the access, deletion and sharing of their personal information that has been collected by businesses.
Companies need to take a critical view of their data privacy risk posture to ensure they can withstand an attack and comply with the above regulations.
But is this enough?
Threats are everywhere, both within your company and outside, and it’s inevitable you will be breached. The reality is that even with the renewed focus on bringing in new legislature, we are still seeing privacy breaches occurring daily. While these events keep the ever-evolving privacy landscape top of mind for businesses, it’s not stopping cyber criminals from infiltrating your networks to steal your most valuable assets.
Throughout this article, we will showcase the findings from our EY Global Information Security Survey (EY GISS) to show how Canadian executives are responding to cybersecurity and privacy so you can assess how your business stacks up. This survey captured the responses of over 1,400 global C-suite leaders and information security and IT executives/managers, including 43 Canadian respondents, representing many of the world’s largest and most recognized global organizations.
How can you take action today?
To have a robust and effective privacy program, a solid cybersecurity strategy is necessary. But cybersecurity is often misunderstood, not just by the public, but by corporate executives and their employees. This lack of knowledge could be the reason why: