The recent HSBC fine shows the potential cost of data loss. But it is just the latest in a long line of high-profile names to get caught failing to protect their sensitive customer data. History shows us that penalties do not result in wholesale improvements in security practices across the industry. The reality is that the greatest threat comes from a lack of process, knowledge, education and awareness – from the very top of an organisation, all the way down.
Maybe it is time for information security to take a leaf out of the much-maligned Health and Safety Executive manual. With proper process, an obsessive attention to detail, and staff awareness to the point of saturation, it is possible that the message just might get through.
While HSBC will survive and its customers will soon forget the incident, smaller businesses may not fare so well. If companies want to avoid costly claims and embarrassing headlines, they should learn about the benefits of a process-driven approach.
David Cowan, Head of infrastructure, Plan-net