Survey: Cybersecurity pros endorse data breach notification rules

Three quarters of ISACA members say they support Obama's proposal

More than three-quarters of ISACA members support a data breach notification proposal from President Barack Obama.

More than three-quarters of ISACA members support a data breach notification proposal from President Barack Obama.

U.S. President Barack Obama's call for a nationwide data breach notification law has won strong support from members of one cybersecurity-focused organization.

More than three quarters of ISACA members surveyed by the cybersecurity training and benchmarking organization said they agreed or strongly agreed with Obama's proposal to require breached organizations to notify affected customers within 30 days. Only about 8 percent of the 3,400 respondents said they disagreed or strongly disagreed. Most of ISACA's 115,000 members are IT professionals.

Asked what the biggest challenge companies would face in complying with a breach notification law, 55 percent of those surveyed said it would be a concern over corporate reputation. Other 15 percent said the biggest challenge would be systems not designed for data breach reporting, and 13 percent said increased costs.

More data breach reporting will lead to companies taking new steps to protect their data, said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. A new law will make cybersecurity "an agenda item" among company leaders, he said. "There are some organizations potentially not giving this the level of diligence they should."

Obama is expected to call for a breach notification law during his State of the Union speech Tuesday evening. More than 45 states have their own breach notification laws, but there's no national standard. U.S. lawmakers have been trying to pass a national law for about a decade without success.

Obama is also expected to propose new ways to allow organizations to share cyberthreat information with each other and with government agencies, with protection from lawsuits. While some cyberthreat sharing proposals have raised concerns among privacy advocates, the U.S. needs to find ways to allow companies and government agencies to alert each other of attacks, Stroud said.

A threat information-sharing bill would be a "great initiative," Stroud said. "If Washington acts, we hope they take a clear and straight-forward approach, working in close coordination with industry."

The ISACA survey, completed last week, also asked respondents whether they expect a cyberattack to strike their organizations in 2015. Only 46 percent said they expect a cyberattack, while 24 percent said they were unsure.

Respondents may have read the question to mean a major cyberattack, not more common probing of their networks for weaknesses, Stroud said. "At many organizations, probably every day, there is an attempt" to gain entry into a company's system, he said.

Thirty-eight percent of respondents said their organization is prepared for a sophisticated cyberattack, while 34 percent said they were unsure. Eighty-three percent said they believe cyberattacks are among the three biggest threats facing organizations.

Asked if there is a shortage of skilled cybersecurity workers, 86 percent agreed. Thirty-four percent said they plan to hire more cybersecurity workers in 2015 but expect the search to be difficult. Only 3 percent plan to hire and expect it to be easy to find skilled candidates.

And 54 percent said they find it difficult to identify which new college graduates have adequate skills and knowledge.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentregulationISACAlegislationBarack ObamaCA TechnologiesRobert Stroud

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?