Menu
Survey: Cybersecurity pros endorse data breach notification rules

Survey: Cybersecurity pros endorse data breach notification rules

Three quarters of ISACA members say they support Obama's proposal

More than three-quarters of ISACA members support a data breach notification proposal from President Barack Obama.

More than three-quarters of ISACA members support a data breach notification proposal from President Barack Obama.

U.S. President Barack Obama's call for a nationwide data breach notification law has won strong support from members of one cybersecurity-focused organization.

More than three quarters of ISACA members surveyed by the cybersecurity training and benchmarking organization said they agreed or strongly agreed with Obama's proposal to require breached organizations to notify affected customers within 30 days. Only about 8 percent of the 3,400 respondents said they disagreed or strongly disagreed. Most of ISACA's 115,000 members are IT professionals.

Asked what the biggest challenge companies would face in complying with a breach notification law, 55 percent of those surveyed said it would be a concern over corporate reputation. Other 15 percent said the biggest challenge would be systems not designed for data breach reporting, and 13 percent said increased costs.

More data breach reporting will lead to companies taking new steps to protect their data, said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. A new law will make cybersecurity "an agenda item" among company leaders, he said. "There are some organizations potentially not giving this the level of diligence they should."

Obama is expected to call for a breach notification law during his State of the Union speech Tuesday evening. More than 45 states have their own breach notification laws, but there's no national standard. U.S. lawmakers have been trying to pass a national law for about a decade without success.

Obama is also expected to propose new ways to allow organizations to share cyberthreat information with each other and with government agencies, with protection from lawsuits. While some cyberthreat sharing proposals have raised concerns among privacy advocates, the U.S. needs to find ways to allow companies and government agencies to alert each other of attacks, Stroud said.

A threat information-sharing bill would be a "great initiative," Stroud said. "If Washington acts, we hope they take a clear and straight-forward approach, working in close coordination with industry."

The ISACA survey, completed last week, also asked respondents whether they expect a cyberattack to strike their organizations in 2015. Only 46 percent said they expect a cyberattack, while 24 percent said they were unsure.

Respondents may have read the question to mean a major cyberattack, not more common probing of their networks for weaknesses, Stroud said. "At many organizations, probably every day, there is an attempt" to gain entry into a company's system, he said.

Thirty-eight percent of respondents said their organization is prepared for a sophisticated cyberattack, while 34 percent said they were unsure. Eighty-three percent said they believe cyberattacks are among the three biggest threats facing organizations.

Asked if there is a shortage of skilled cybersecurity workers, 86 percent agreed. Thirty-four percent said they plan to hire more cybersecurity workers in 2015 but expect the search to be difficult. Only 3 percent plan to hire and expect it to be easy to find skilled candidates.

And 54 percent said they find it difficult to identify which new college graduates have adequate skills and knowledge.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags CA TechnologiesregulationsecurityISACAdata breachlegislationgovernmentBarack ObamaRobert Stroud

Featured

Slideshows

Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Top 15 Kiwi tech storylines to follow in 2017

Top 15 Kiwi tech storylines to follow in 2017

​The New Year brings the usual new round of humdrum technology predictions, glaringly general, unashamedly safe and perpetually predictable. But while the industry no longer sees value in “cloud is now the norm” type projections, value can be found in following developments of the year previous, analysing behaviours and patterns to formulate a plan for the 12 months ahead. Consequently, here’s the top Kiwi tech storylines to follow in 2017...

Top 15 Kiwi tech storylines to follow in 2017
Show Comments