Digital transformation disrupts businesses everywhere, and information has become an organization’s most strategic advantage for reaching, interacting with, and keeping clients.
The Regulatory Environment
With the exponential growth of information, a strict regulatory environment, cyber threats (including ransomware strikes), and highly competitive and innovative upstarts continuously upending the market, protecting and extracting value from the most strategic asset is a business imperative and a challenge.
If organizations ever had an incentive to govern data closely, it is compliance. The price of failing to comply with stringent regulatory requirements may add up quickly, involving legal costs such as litigation and settlement fees, in addition to reputational damage and business losses.
Organizations that fail to obey the GDPR can face penalties of up to 4% of the annual international turnover. With potential penalties this severe, it’s no surprise that an increasing number of businesses are investing heavily in compliance initiatives. Some view compliance as a critical competitive advantage.
For instance, global banks operate under more than a hundred distinct regulations at any given time, with new rules coming out regularly.
CIOs and IT directors in the EU are currently integrating another banking regulation: The Revised Payment Service Directive (PSD2), which enables consumers and businesses to use third-party suppliers, like Google or Facebook, to manage finances, pay bills, or examine spending. Strong Client Authentication (SCA) is mandated under PSD2 by December 31, 2020. SCA is required for all European e-commerce transactions.
The effect on EU banks is genuine. They must enable third-party supplier access to customers’ accounts through application programming interfaces (APIs). Thus, IT and programming costs will likely increase because of new safety conditions like more vigorous identity checks and API development.
Many factors make it increasingly hard for businesses to comply with the rising number of regulations across several industry verticals.
Legislation and new regulations are outpacing the capabilities of existing IT infrastructure investments and the budgets necessary to adopt adequate solutions. By way of example, the length of time that sensitive data must be stored to meet regulations can surpass a legacy architecture’s physical capacities.
In reaction, many IT leaders execute excessive data control procedures, stifling innovation and productivity, and hampering the built-in versatility required to accommodate changes in the regulatory arena.
Risk exposure will always grow as the gap widens between applications, people, processes, systems, and present technologies with every new or modified regulation.
Continuous Threats to IT Leaders
Organizations and their information are also under continuous threat. Many sites publish statistics that all point toward an ever-increasing risk, especially from ransomware and malware. For instance, purplesec.us reports that in 2018 there were 80,000 cyberattacks per day, or over 30 million attacks per year. Although the highest number of attacks occur in the US (38%), cyberattacks are a global and increasing problem. Cybersecurity Ventures predicted that international ransomware damage costs reached an estimated $7.5 billion in 2019, up from $325 million in 2015.
Not all risks to information security come from malicious outsiders. IT leaders must also maintain information integrity and protect information from being corrupted or irretrievably deleted by accident, or ruined by a sudden outage or event. For IT departments, frequently running data backups and installing the most recent antivirus software can help minimize possible harm from a ransomware attack, accidental deletion, system corruption, or outage; however, it isn’t enough. Information identity and security management solutions can help prevent unauthorized access, but information protection must extend from an organization’s heart to every endpoint.
In the next Data Governance Series post, we will examine additional risks, help define Data Governance, and begin the planning process.
Until next time. /MC
—
Catch up with the Data Governance Series from this overview blog post. And as always, if you have any questions or would like to discuss your Data Governance efforts further, feel free to email or call myself or the Backup Tech team.