- Forrester Councils
- Councils Overview
- log in
Posted by Heidi Shey on April 23, 2014
In a research world where we collect data on security technology (and services!) adoption, security spending, workforce attitudes about security, and more, there’s one type of data that I get asked about from Forrester clients in inquiry that makes me pause: breach cost data. I pause not because we don’t have it, but because it’s pretty useless for what S&R pros want to use it for (usually to justify investment). Here’s why:
That’s why I refer to breach data as unicorn data; I’m always on the hunt for it, have to remind myself that what I see is one thing and what I’m looking to really get is a fantasy, but that’s okay because I love it anyway! I don’t think we should stop trying to estimate and collect breach cost data. We do need to change our expectations for how we use it by understanding what we’re actually looking at (and what may be missing from this) when we see these types of numbers. S&R pros need to rethink how they can best justify and prioritize security investments and rally the business behind them. Forrester has previously published research on information security economics that can help: 101, 102, and 103. In addition, it’s time to start thinking of protecting customer data as a corporate social responsibility, and not to check off boxes for compliance or a thing that must be done so you can avoid some nasty breach costs.
What does your organization consider a corporate social responsibility? Is protecting customer data one of them? Why, or why not?
I’ll also be speaking on this topic of protecting customer data as a corporate social responsibility and sharing a bit of breach cost data (with caveats, of course) at Forrester’s upcoming US Tech Management Forum in May. I hope to see you there!
Lead BT Transformation
Develop customer-obsessed strategies to drive growth »
Forrester's CX Index
Predict how actions to improve CX will affect revenue performance.
Measure the customer experiences that matter most »