"For the first time, our own data this year also showed cybersecurity becoming the top concern of compliance officers ... superseding bribery and corruption, which is typically a more prominent worry," said Carrie Penman, chief compliance officer for ethics at compliance software company NAVEX Global, which conducts an annual study of cybersecurity. Penman said CFOs and other corporate officers face a hurdle in getting their corporations to realize the scope of the hacking threat. "One weak spot CFOs are contending with is the board, where our data shows only a quarter of organizations include specific training on cybersecurity for directors."
Speaking at the Cambridge Cyber Summit earlier this year, White House Cybersecurity Coordinator and former National Security Agency official Rob Joyce said, "By any measure you want to use ... [the] trend line is going the wrong way. Whether you look at breaches, whether you look at criminal activity, whether you look at nation-state activity or even, you know, the sanctity of our elections, we've got to worry."
Speaking about how the private sector will deal with hacking, Joyce said they can make no excuses once they are handling private information. "If they're entrusted with our personal information, if they're entrusted with national security information, yeah, it's their obligation. They've got to do the right things." He added, "It's really clear that if you don't pay attention to cybersecurity and you're a manufacturer, you're a vendor, you are going to quickly lose your market share."
The average corporate data breach costs $3.62 million, according to the latest annual Cost of Breach study from the Ponemon Institute, and affects more than 24,000 accounts. Ponemon found that the highest cost of lost business is in the United States, at more than $4 million per hacking incident. The cost per breach was down year-over-year in the 2017 study, but the number of hacked accounts per incident is growing.