Businesses Ignore Significant Cybersecurity Risks to Proprietary Data

Knowledge assets are critical to any business remaining functional and competitive, yet this data is routinely exposed to the risk of theft and overlooked in cybersecurity risk management. According to a new report from the Ponemon Institute and law firm Kilpatrick Townsend & Stockton, organizations are increasingly ineffective at safeguarding data like trade secrets, product design, development or pricing, and other proprietary information.

As breach notification laws, regulatory requirements, and reputation considerations draw more focus to cybersecurity surrounding personal data of customers or personnel, businesses are leaving more risk on the table regarding their most valuable assets, and that risk has a notable price tag.

In the past year, the average cost of remediating these attacks was about $5.4 million, and half of respondents estimated the maximum cost would range over $250 million, with seven out of ten placing it over $100 million. What’s more, on average, respondents believe only 35% of the losses resulting from knowledge asset theft would be covered by their current insurance policies.

The primary drivers of these costs, respondents said, were (out of 100 points):

[Figure: knowledge asset theft costs]

Why are so many businesses failing to take action against the risks to knowledge assets?

[Figure: knowledge asset data theft risk]

Among the findings, the report noted:

  • Theft is rampant. Seventy-four percent of respondents say it is likely that their company failed to detect a data breach involving the loss or theft of knowledge assets, and 60% state it is likely one or more pieces of their company’s knowledge assets are now in the hands of a competitor.
  • Companies don’t know what they need to protect, or how to protect it. Only 31% of respondents say their company has a classification system that segments information assets based on value or priority to the organization. Merely 28% rate the ability of their companies to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective. The great majority who rate their programs as not effective cite as the primary reasons a lack of in-house expertise (67%), lack of clear leadership (59%), and lack of collaboration between different job functions (56%).
  • Executives and boards aren’t focused on the issue and its resolution. A data breach involving knowledge assets would impact a company’s ability to continue as a going concern according to 59% of respondents, but 53% replied that senior management is more concerned about a data breach involving credit card information or Social Security numbers than the leakage of knowledge assets. Only 32% of respondents say their companies’ senior management understands the risk caused by unprotected knowledge assets, and 69% believe that senior management does not make the protection of knowledge assets a priority. The board of directors is often even more in the dark. Merely 23% of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.
  • Careless employees and unchecked cloud providers are key risk areas. The most likely root cause of a data breach involving knowledge assets is the careless employee, but employee access to knowledge assets is not often adequately controlled. Fifty percent of respondents replied that both privileged and ordinary users have access to the company’s knowledge assets. Likewise, 63% of respondents state that their company stores knowledge assets in the cloud, but only 33% say their companies carefully vet the cloud providers storing those assets.

Partly because so little action is being taken now, there is plenty businesses can easily do to improve.

“Companies face a serious challenge in the protection of their knowledge assets. The good news is there are steps to take to reduce the risk,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “First of all, understand the knowledge assets critical to your company and ensure they are secured. Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans. To address the employee negligence problem, ensure training programs specifically address employee negligence when handling sensitive and high value data.”

Employee Financial Stress Can Impact Job Performance

Employees stressed out by financial problems could be suffering from lack of sleep and are more prone to depression, heart issues and substance abuse than those with low levels of stress, according to a new study. This anxiety can also impact the workplace in the form of lost productivity, heightened risk of on-the-job accidents and absenteeism.

Most employees worry about their personal finances, with 25% of those surveyed indicating high or overwhelming financial stress. About one-third were assessed as vulnerable to living beyond their means and having serious debt, according to this year’s Stress in America survey, commissioned by the American Psychological Association.

The survey found that:

  • Nine percent of millennial women under age 30 reported overwhelming financial stress compared to 5% of their male counterparts.
  • Lower-income males (making under $60,000 a year) were more likely than lower-income females to report no financial stress, at 13% versus 9%.
  • Women’s stress levels seem to be impacted by the presence of minor children in the household, with 11% of women with minor children reporting overwhelming levels of stress, compared to only 6% without children. Men’s stress levels seem to not be significantly impacted by the presence of minor children, as only 6% of men with children in their household reported overwhelming levels of financial stress, compared to 4% of men without children.

Treatment for financial stress is becoming more common in the workplace. According to a report by Aon Hewitt, 89% of employers are very or moderately likely to implement or expand programs to help employees better manage their money as part of their overall benefits package. The report finds that sleep programs, financial counseling and personal coaching can help stressed employees.

Issues resulting from financial stress include:
[Infographic: stress report]

5 Analytics Tips for Your Chief Safety Officer

Industries on average experience 3.2 non-fatal occupational injuries per 100 full-time workers, according to the U.S. Bureau of Labor Statistics. Some industries have nearly four times this rate. Similar statistics exist for workplace illnesses and, unfortunately, fatalities. Could analytics be a solution for lowering these statistics?

Companies today gather huge volumes of operational and enterprise data, plus they have access to myriad sources of external data such as weather, traffic and social media. Unfortunately, this data is normally stored and analyzed in siloed data systems that are scattered across the enterprise. There are, however, steps a chief safety officer (CSO) can take to apply analytics to all available data to reduce incidents and, therefore, safety-related costs.

Here are five steps CSOs and other safety leaders can take to be smarter about data and safety.

1. Know your network

To reduce incidents and therefore safety-related costs for your organization, you need to know the what, where, when, why and how of accidents. After all, accidents happen at a specific time and place, and involve specific people and pieces of equipment. Knowing your network of time, place and equipment speeds up response time when accidents happen, and can even prevent them.

Analytics systems are now able to correlate, analyze and visualize operational, enterprise and external data from across your company. The resulting information can identify the situations, patterns and trends that indicate hazardous but preventable conditions. You can more clearly see the job roles, work sites and times of the day or week that pose the greatest risk. This information lets you invest your time, money and effort where it has the greatest impact.

2. Collaborate across departments

When you have analytics illuminating the times, places and activities of greatest risk, share that with everyone who can help reduce that risk. Workers and their supervisors need to know what the data indicate about risk, so that they can make appropriate changes. Your facilities department needs to know that some aspects of a work site—lighting, ventilation, access and drainage—contribute to unsafe conditions. Human Resources needs to know what training and certification is required, or should be offered, to increase staff potential.

But collaboration isn’t simply feeding analytics to various job roles. It is important that all those roles—operations, facilities, HR and more—share the same view of analytics in order to work together to address dangerous conditions before something happens.

3. Learn to trust your own data and analytics

There is now too much data arriving too quickly for us humans to manually gather and analyze. It’s still common for business and risk analysts to spend 80% of their time gathering data and only 20% applying it to solving problems. Analytics systems that correlate and analyze multiple data sources flip that equation, enabling analysts to spend 80% of their time acting on insights from data to solve problems.

While you might be willing to trust the math of analytics, you are probably like a lot of leaders who don’t trust their data. Many leaders believe their data is too incomplete, inaccurate, outdated or irrelevant to support an analytics program. When people say this, I usually ask them how they know their data is bad. Until you work with your data, you don’t really know its condition. When you start working with your data to solve a use case, you can address any data quality issues related just to that use case, without needing to somehow fix all of the data.

4. Look for analytics-leveraging skills when hiring

There is a witticism in the business world that “Culture eats strategy for breakfast.” While sayings like this can be cliché, in the case of analytics, this one is true. If your human and work culture doesn’t embrace data-driven decision making, any analytics strategy faces uncertain odds of success.

To establish an analytics culture within your organization, hire people who are comfortable exploring and applying data. You don’t necessarily need to hire data scientists, as that skillset is available from consultants and vendors if and when it is needed. You do, however, need people who are curious and capable of working with each other, and with data scientists, to formulate inquiries, pursue those inquiries, and apply the insights they discover.

5. Start small, but start now

Existing company safety programs that are not data-driven struggle to show their impact. That makes funding harder to justify, which can mean safety programs grow stale over time. If you’d like your organization to be better at safety and analytics, but struggle to measure the effectiveness of your investment in safety programs, it is possible to start small.

Any CSO can immediately identify their most dangerous job role or location. Start with one of those dangerous situations, use data to drive tangible changes in facilities, tools, process or training, and measure the results.

It is really that simple. You can start small, but at least start—now—and make safety a priority.

New Rail Tank Car Usage Promises Safer Crude Oil Transport

Added capacity of pipelines used to transport crude oil and declining prices are contributing to decreasing transport of crude oil—and an almost 97% drop in the use of older, less safe transport cars between 2014 and the end of March, Gannett reported this week.

Rail tank car shipments of crude oil from the Bakken oil fields in North Dakota have declined from a peak of 498,271 in 2014 to 424,996 in 2015, according to the Association of American Railroads. An AAR official made the announcement at a rail tanker car safety forum sponsored by the National Transportation Safety Board, according to Gannett.

In the December 2013 report “Moving Crude Oil by Rail,” the AAR noted that the rail industry has been urging federal regulators “to toughen existing standards for new tank cars” and recommended that the estimated 92,000 existing tank cars used to transport flammable liquids, including crude oil, be retrofitted with advanced safety-enhancing technologies, or phased out if they cannot be upgraded.

While there are obvious issues with the transportation of oil by rail, the AAR has pointed out that railroads have an excellent safety record with crude, even surpassing pipelines in recent years. But the industry and federal regulators acknowledge there is much room for improvement.

The new, safer tank cars have thicker steel shells, insulating materials, full-size metal shields at each end and improved outlet valves underneath the car. Increased use of the new cars is good news for densely populated areas on the east and west coasts that have numerous trains—often of at least 100 tank cars—moving through daily.

[Image: DOT 117 train car]

A transportation law, the FAST Act, signed by President Obama in December 2015, includes new mandates for freight trains transporting crude oil through the U.S. The law requires that older tank cars be replaced by the newer, safer car for shipping flammable liquids by March 1, 2018, phasing out the older model used, according to the U.S. Department of Transportation.

A rail disaster in Lac-Mégantic, Canada, on July 26, 2013, that killed 42 people brought a heightened focus on the dangers of transporting highly flammable Bakken crude oil by train.

According to the DOT, the rule also:

  • Requires an enhanced tank car standard and an aggressive, risk-based retrofitting schedule for older tank cars carrying crude oil and ethanol.
  • Requires a new braking standard for certain trains that will offer a higher level of safety by potentially reducing the severity of an accident.
  • Designates new operational protocols for trains transporting large volumes of flammable liquids, such as routing requirements, speed restrictions, and information for local government agencies.
  • Provides new sampling and testing requirements to improve classification of energy products placed into transport.