Transcript
Page 1: Data Breach Law Notification Infographic-FINAL.…

Cyber threat facing the US

The last 14 months saw the compromise of more personal records than there are US citizens.

348.16 million US records compromised in 2014.

A Gallup poll found hacking was the top crime Americans worry about, above murder, assault, and terrorism.

1

Obama’s Personal Data Notification and Protection Act

...If we don’t act, we’ll leave our nation and our economy vulnerable...

... we’re introducing new legislation to create a single, strong national standard so Americans know when their information has been stolen or misused...

...Will require American companies to notify affected individuals within 30 days of their personal information being lost in online breaches...

...The Department of Justice could enforce up to 10 years in prison if you are found in breach of the law...

How do you feel about Obama’s proposed legislation?

I strongly agree with the proposal

I agree with the proposal

I neither agree nor disagree with the proposal

I disagree with the proposal

I strongly disagree with the proposal

Greatest challenge for companies:

Increased cost

Not enough human resources

Systems not designed for this

Concern over corporate reputation

Other

17% 14% 17% 40% 12%

“Although the US is taking steps in the right direction in creating a single, national law to combat the problem, individual enterprises have a duty to protect themselves and their customers now.”

Get cyber secure before it’s too late

IT Governance’s fixed-price ISO27001 packaged solutions enable organizations of all sizes, sectors, and locations to implement ISO27001 easily and cost-effectively.

Find out which ISO 27001 solution is right for you »

Cybersecurity skills shortage

The Basics

Do It Yourself

Get A Little Help

Get A Lot Of Help

We Do It For You

5% 7% 18% 34% 36%

Do you expect a cyber attack to strike your organization in 2015?

Yes 54%

Do you think cyber attacks are among the three biggest threats facing organizations today?

Yes 88%

Is your organization prepared for a sophisticated cyber attack?

No 29% Unsure 28%

...41% expect difficulties finding skilled candidates because...

...90% believe there is a shortage of skilled cybersecurity professionals.

58% plan to increase cybersecurity awareness training for staff

Alan Calder, Founder and Executive Chairman of IT Governance

2014’s many high-profile information security incidents are estimated to be up 27.5% on 2013.

Data Breach Notification Law

209,000 unfilled positions... ...74% up on last five years.

in 2015.

ISO 27001 is the ONLY international cybersecurity standard that can help organizations PROTECT, COMPLY, and THRIVE.

IT Governance Ltd

Unit 3, Clive Court

Bartholomew's Walk

Cambridgeshire Business Park

Ely, Cambs CB7 4EA

United Kingdom

www.itgovernanceusa.com

© IT Governance Ltd


Sources:

1. ITRC Data Breach Report 2014 - Identity Theft Research Center, December 2014
2. 348 million US records compromised in worst year of data breaches - IT Governance USA Blog, January 2015
3. Will Obama finally change cybersecurity in America? - www.cnet.com
4. 2015 Global Cybersecurity Status Report - US Data - ISACA, January 2015
5. With more than 200,000 unfilled jobs, colleges push cybersecurity - www.pbs.org
6. President Obama calls for federal data breach notification legislation as US military accounts are hacked - IT Governance USA Blog, January 2015
7. Obama's Computer Security Solution is a Mishmash of Old, Outdated Policy Solutions - www.eff.org
8. The ISO Survey of Management System Standard Certifications – 2013

Need for a common law

The US is currently protected by a patchwork of 47 state data breach notification laws.

Alabama, New Mexico, South Dakota: NO LEGISLATION

US organizations are recognizing ISO27001 as the international standard for information security.

Number of ISO27001 certificates in the US:

2007 2008 2009 2010 2011 2012 2013

94 168 252 247 315 415 566

The Standard provides an information security management framework and registration scheme that helps organizations win international business and strengthen their supply chain assurance.

8

A data breach can happen to any organization at any time, but having robust cybersecurity measures in place limits its likelihood and mitigates repercussions considerably.
