Penalties do not improve security
Despite the heavy penalties applied, most information security professionals believe that companies will not place the necessary emphasis on cyber security solutions to prevent these types of situations. It is not yet known whether public visibility and repercussions will drive corporations to pursue stricter security measures.
Mary T. Frantz, founder of Enterprise Knowledge Partners, says data breach cases spur cyber security spending, but they are losing strength over time. “I have observed a pattern in many industries where corporations provide ample funding to information security departments following a data breach. After a year or two, however, companies dramatically reduce information security funding, often before all planned security improvements are completed, ”explains the expert.
Example for other companies
Norm Siegel, a consumer protection leader in the Equifax deal, believes security professionals and executives should take the case seriously. “We have been able to ensure significant improvements in data security, including a large capital commitment backed by a court order, which is another important feature of this agreement that may be an impediment to executive cyber security negligence,” he says.
However, the difficulty in understanding the impact of data breaches is likely to drive even more companies on the path Equifax follows. "Consumer advocates continue to play a key role in corporate accountability," said Amy Keller, an attorney with the Equifax agreement.
The agreement “demonstrates that consumers refuse to accept that data breaches are the 'new norm'” and “not only compensate consumers for the time and money they spend as a result of the breach, but also ensure that consumers have the tools needed to protect themselves in the future, ”he adds. For Keller, "If companies profit from their data, they have a duty to protect that data."
Click here: Equifax Data Breach









