Is Data our most important Asset

In cybersecurity we often hear, and say that Data is the new oil, or Data is your most important asset.

But is this true?  If it was, wouldn’t we all work harder to protect it? The headlines are replete with stories of Data breaches of all kinds, from hackers stealing millions of records through to employees erroneously leaving laptops on trains or losing confidential documents. If Data is so important why are we so bad at protecting it?

Perhaps the simple reason is that there is so much Data to worry about. We are certainly living in a world of ‘Information Obesity’, with our digital waistlines being expanded because of the amount of Data we create and consume. 

But is Data our most important asset? I’ve come to the conclusion that it isn’t. So what is our most important asset?

It’s not what you might think.

What I’ve said above may fly in the face of conventional industry thinking, but for over 20 years I’ve seen organisations and individuals struggle to get across the message that Data needs to be protected, and cybersecurity is the solution to protecting this most important asset. 

But we haven’t moved forward. We are still saying the same things, to the same people, in the same industries, and seeing the same breaches, happening in the same way they always have. It’s like living in a digital version of ‘Groundhog Day’, but we’re not improving the situation on each subsequent turn of the dial.

What is the most important asset?

Looking back at some of the most headline grabbing events over recent years, we can see there is one thing that binds them together, and it has nothing to do with the type of breach, the size of the breach or how the breach played out. The one commonality of all the major breaches is that they all resulted in an impact on reputation.

Reputation is our most important asset

If you don’t believe that reputation is our most important asset, here’s a little experiment for you to try. Tomorrow morning go into your board room and tell them that there has been a major Data breach where 500 million records are now being held by hackers, and you are being blackmailed to pay them or they will release the information to the customers and the press. 

Which of the following is most likely to be the response;

a)    “Oh no. This could have a massive impact on our customers. We need to tell them immediately.”

b)    “How did this happen? Who is to blame?”

c)     “This could have a massive impact on our reputation. What do we need to do first?”

Hopefully it will be ‘C’ first, and in truth it is likely to be a combination of all three, but no matter which way you look at it, Reputation is the consideration;

a)    Personal reputation – “This happened on MY watch! What will happen to me?!”

b)    Company Reputation – “How are we going to explain this to customers/clients/shareholders?”

c)     Industry Reputation – “What is this going to look like to our competitors?!”

Data is clearly an extremely important component of any organisation. Without Data there is no information. Without Information there is no knowledge and without knowledge there is no wisdom. A company literally lives and thrives (or dies) on its access to, and appropriate use of Data. This is why the role of Data and Business analysts is becoming ever more important.

What does all this mean?

When a Data breach occurs the question invariably will turn to “what is the impact?” Which is code for “What is the likely impact on our reputation?” We all know that a company thrives on having a positive reputation, why else are there reviews left on Amazon, eBay and TripAdvisor. Indeed the only reason people visit TripAdvisor is to read reviews of hotels and breaks which have good reputations/reviews.

So Reputation is King

If we are to improve the situation we currently face, where organisations continue to suffer data breaches, my advice to every cybersecurity and Data Protection specialist is to change your language (slightly) when talking to the business. 

Rather than talking about how Data is our most important asset, start talking to them about the impact on Reputation (capitalised intentionally) and what that could mean to the business. Ask

a)    How long has it taken us to build our reputation?

b)    What is our reputation in the market place and industry?

c)     What would the impact be on the following, should we experience a breach?

a.     Customers / Clients

b.     Employees

c.     Share price

d.     Share holders

e.     Suppliers

f.      Industry

d)    What steps must we take 1hr, 12hrs, 24hrs and 7days following a breach?

Conclusion

As the saying goes, “It takes a lifetime to build a reputation, but you can lose it in a minute”. Not taking cybersecurity and Data Protection seriously can have serious repercussions and financial implications, but more important than any of this is the impact on your reputation.

Remember you can’t build a reputation on what you’re GOING to do, so take a long serious look at cybersecurity and Data Protection today, and put them on the agenda before they BECOME the agenda.