It’s been a common information security event in the news for all too many business enterprises: yet another large publicly traded company is the recent victim of a data breach.

The situation is worsened when not only business information is breached but millions of customers’ personal and financial information records are also compromised.

Who is winning this cyber-security war?  That answer is far too complex to deal with in this short article.  Nonetheless, this article will hopefully give our readers a stronger sense of urgency to pay more attention to risk assessment and risk management when developing their corporate cyber-security related strategic goals and objectives.

We also hope to provide a better understanding of the recent dynamics stemming from these breach events, and of what can be learned from them when planning strategies to avoid repeating them in the future.


IBM and the Ponemon Institute recently released a report entitled “2015 Cost of Data Breach Study: Global Analysis”. That report stated that the average total cost of a data breach to a single business enterprise has increased in the past two years by 23 percent to $3.79 million. The report confirmed that such breaches have brought companies both financial and reputational harm, affecting their bottom line.

Now more than ever, the job of an information security analyst has become one of the most sought-after positions in an organization’s IT department. The Ponemon Institute also reported that while an information security analyst can truly have an impact on securing a company’s intellectual property, how effective that impact is depends directly on the level of management’s commitment to supporting that directive throughout the entire organization.

Ponemon also found that the cost of a data breach actually drops when a company’s board of directors plays a more prominent role in the wake of a breach or when a company purchases breach insurance. An involved board of directors reduces the per capita cost of a breach by $5.50, and insurance reduces it by $4.40.




Burning Glass Technologies is a well-known enterprise that delivers job market analytics that empower employers, workers, and educators to make data-driven decisions. According to a recent report from Burning Glass Technologies, there has been a 91% growth in information security jobs in the United States alone.


The Information Systems Security Association (ISSA) is a group that provides educational forums, publications, and peer interaction opportunities to the business market. A recent article posted on ISSA’s website further emphasizes the role people play in security. There are several conferences that help address the skills gap for these positions. Again, when applying risk management and risk assessment methodologies to your organization’s IT security goals, make sure to treat everyone in your organization as responsible for information security. Some will simply have more complex involvement than others.

According to InfoSecurity Magazine Deputy Editor Michael Hill, there are five factors IT professionals should focus on when managing risk in IT security:

  • Policies and procedures
  • Response plans in the event of a breach
  • Training of people
  • Internal controls
  • Third-party vendor threats


The Association for Information Systems (AIS) is an association that serves society through the advancement of knowledge and the promotion of excellence in the practice and study of information systems. AIS is the premier professional association for individuals and organizations who lead the research, teaching, practice, and study of information systems worldwide. The AIS has an extensive library of resources to help organizations mitigate the risks of information security breaches. You might want to view a recent article entitled “Information Systems Control: A Review and Framework for Emerging Information Systems Processes” to help your organization better understand the dynamics of information systems control.

The authors of this article believe that we are now in a business environment where data breach is a well-validated risk consideration. Therefore, now more than ever, a growing number of companies have to ensure that proper and relevant controls are in place to mitigate the occurrence of breaches within their organization.

Authors: Ben J. Carnevale, Managing Editor and Nina N. Rodriguez, Contributing Writer
