Why is Information Security Important?
To fully understand why information security is important, one needs to understand both the value of information and the consequences of such information being compromised.
The Value of Information
To understand the value of information, let’s start by examining some typical information held by both businesses and individuals. At the very least, businesses will hold sensitive information on their employees, salary information, financial results, and business plans for the year ahead. They may also hold trade secrets, research and other information that gives them a competitive edge. Individuals usually hold sensitive personal information on their home computers and typically perform online functions such as banking, shopping and social networking, sharing their sensitive information with others over the internet.
As more and more of this information is stored and processed electronically and transmitted across company networks or the internet, the risk of unauthorised access increases and we are presented with growing challenges of how best to protect it.
When you leave your house for work in the morning, you probably take steps to protect it and its contents from unauthorised access, damage and theft (e.g. turning off the lights, locking the doors and setting the alarm). The same principle applies to information: steps must be put in place to protect it. If left unprotected, information can be accessed by anyone. If information should fall into the wrong hands, it can wreck lives, bring down businesses and even be used to cause harm. Quite often, ensuring that information is appropriately protected is both a business and legal requirement. In addition, taking steps to protect your own personal information is a matter of privacy retention and will help prevent identity theft.
When information is not adequately protected, it may be compromised; this is known as an information or security breach. The consequences of an information breach are severe. For businesses, a breach usually entails huge financial penalties, expensive lawsuits, and loss of reputation and business. For individuals, a breach can lead to identity theft and damage to financial history or credit rating. Recovering from information breaches can take years and the costs are huge. According to the Ponemon Institute, the average cost of an information breach during 2008 was $202 per record breached. So, if 100,000 records were breached, the average cost for this breach would be $20 million! 70% of this cost is down to lost business as a result of the breach.
A recent, well-publicised information breach occurred at the popular TJX clothing company during 2006/7, when over 45 million credit/debit cards and nearly 500,000 records containing customer names, social security and driver's license numbers were compromised. This information is believed to have been compromised due to inadequate protection on their wireless networks, leaving the information exposed. The final costs of the breach are expected to run into the $100s of millions and possibly over $1 billion.
You may think that an information breach is unlikely to affect you, but this could not be further from the truth. Just take a look at the following link, which lists recently recorded information breaches in the US: http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP