In recent months, with the continued growth in highly public data breach incidents, we began looking at how organizations assess their level of exposure to data breach risk. I suspect if you ask the CEO of most public companies or public sector organizations about their level of risk, that they would tell you that they are “highly secure” and maintain excellent practices to prevent the misappropriation of personal information of their customers, patients, employees, students and other affiliates.
For many firms, they have to meet security and compliance requirements that are necessities in their industry, such as PCI for those that handle credit card information and HIPAA for healthcare organizations. Historically I think that they felt such rigorous compliance requirements could ensure their safety from the risks of data breach.
However, the recent past demonstrates that no organization is really immune to a potential data breach incident. The very visible Heartland Payment Systems breach affected many millions of Americans who’s credit cards were processed by Heartland, an organization that had to adhere to very strict security standards set for the financial industry and their payment processors. This seeming inconsistency between a perception of being immune from data breach risks with the rapid growth in data breach incidents, led us to think about whether organizations can “quantify” their level of data breach risk.
We were somewhat surprised that there isn’t much available to organizations to help them in measuring and scoring their level of data breach risk. Given this situation, we began to look at how we could model and quantify risks specific to the breach of personally identifiable information (PII) and personal health information (PHI), since it is the unauthorized release of this information that is regulated by state and now federal laws.
To this end, we created what we call the Breach Healthcheck(tm), tool that uses a proprietary model to assists organizations in quantifying two dimensions of measurement into a Breach Protection Index(tm) — measuring both an organizations level of data breach exposure as well as their level of data breach protection. Breach Healthcheck then maps this index onto a two dimensional risk map that allows organizations to get a visual indicator as to their level of data breach risk.
Our sense is that organizations that are trusted to hold PII and PHI will find it useful to be able to measure their level of data breach risk, and to understand the primary areas where their practices may lead to unanticipated levels of risk. To get complimentary access to the Breach Healthcheck tool, qualified organizations can contact ID Experts at www.idexpertscorp.com or866-726-4271.