Conduct and Culture Team

The Rise of the Internet of Things and Cyberattacks

Have you heard of the Internet of Things? If not, it’s a vast and growing network of digital devices and their related technologies, such as WiFi and online portals, that share data through the internet.

Consumers will use an estimated 6.4 billion connected “things” in 2016. That’s 30 percent more than last year-and the number is expected to climb to 20.8 billion by 2020. All of these “things” represent potential weak spots in a company’s data security.

And as the Internet of Things has grown, so have cyberattacks. The number of attacks has escalated by 176 percent in the past five years, and more than eight in 10 organizations say they’ve experienced data breaches.

The cost of each data breach is increasing too. One study found that the average total cost grew 23 percent over the past two years to $3.79 million. Businesses that suffer a breach must pay, on average, $154 per lost or stolen record – a six percent increase from 2014.

When you consider that the average incident involves 28,070 compromised records, those costs add up fast.

It’s not just a problem for large corporations, either. Small and medium-size businesses are also at risk. In the digital age, it’s not so much about the size of a company’s revenue or payroll as it is about the amount and sensitivity of customer data they collect.

Despite the high stakes, a shocking number of businesses lag behind when it comes to protecting their customers’ information. More than 90 percent of companies faced data privacy challenges in 2015, yet nearly a quarter of them failed to implement any kind of data privacy policy – often a company’s first line of defense against privacy breaches.

How to Protect Your Customers’ Data

Still, having a privacy policy is no guarantee that customer data will be safe. As many as 82 percent of companies have employees who blatantly disregard privacy policies.

As a result, 61 percent of data breaches are ultimately committed by employees; around 36 percent stem from employee mistakes, while another 25 percent are initiated by malicious insiders.

Employee error aside, outside hackers still pose a significant threat to businesses. It’s up to leaders to prioritize creating secure information systems for their customers. Despite the immediate threat posed both by employees and cybercriminals, more than a third of IT professionals say data privacy isn’t even on their executives’ radar.

To help prevent data breaches, companies should:

1. Train employees on data privacy.

Just having a data privacy policy in place isn’t enough. More than half of businesses lack employee awareness or understanding of these policies, and 36 percent don’t have processes for training or auditing employee behavior when it comes to data privacy. This makes it essential for organizations to provide adequate data privacy training to employees who have access to consumer, employee or company records.

2. Limit data access.

The less customer data employees have access too, the fewer opportunities there are for a data breach (intentional or otherwise). By setting up multiple levels of user access within your company, you can limit employees to only the information they need to do their jobs effectively.

3. Protect employee mobile devices.

Nearly a third of U.S. employees store corporate data on their personal smartphones, and more than 70 percent of IT decision makers consider mobile devices to be a major security risk for businesses. To manage mobile-related risks companies can use remote wiping capability as a key tool. Additionally, businesses can require employees to notify the company if a device is lost or stolen.

4. Use data loss prevention (DLP) tools.

A DLP platform offers a heightened ability to monitor and track data. It also allows business leaders to automate and enforce policies regarding how customer data is used and transferred. For example, the software can block any files containing a Social Security number from being sent outside the company. While DLP technologies are typically recommended for larger businesses, they’re also helpful for smaller companies with big data privacy needs.

5. Obtain a data security audit from a third party.

A security audit performed by an outside party can provide an objective review of your data privacy infrastructure as well as recommendations for bulletproofing your information security system.


With several high profile corporate data breaches in the not-too-distant past, customer data security is a major issue for many businesses-and it’s only going to continue to grow. Companies that are proactive about protecting their customers’ information will have the advantage as information privacy demands continue to grow.