“There are three kinds of pipe. There’s aluminum, which is garbage. There’s bronze, which is pretty good, unless something goes wrong. And something always goes wrong. Then, there’s copper, which is the only pipe I use. It costs money. It costs money because it saves money.”
While this sounds like a stereotypical sales pitch – for which it was portrayed in one of my favorite movies of all time, Moonstruck, by the great Cosmo Castorini – we have found that when it comes to Risk Management, Information Security, and Data Privacy, there is truth in jest. My analogy will follow that Aluminum is likened to a limited budget, staff, and a reactive approach to Risk Management, Information Security, and Data Privacy.
Bronze is likened to proprietary versions of information security and privacy where there may be limited budget and resources. Bronze is more a minimally proactive posture. The challenge here is keeping up with all the moving parts when it comes to Risk Management, Information Security, and Data Privacy. “Unless something goes wrong. And something always goes wrong.”
Then there is Copper. This is the type of Risk Management, Information Security, and Data Privacy Program that Layer 8 Security believes in. A comprehensive, prioritized, well thought out proactive program implementation. And we believe by implementing the Common Security Framework (“CSF”) that HITRUST provides is one of the best ways to use Copper.
I want to be clear that you don’t always need a large budget to implement the HITRUST CSF. There are ways Layer 8 Security can help various sized companies to implement the HITRUST CSF and yet maintain a high value to cost ratio and maximize return on investment.
IBM’s 2019 Cost of a Data Breach Report places the average cost of a data breach to $150 per record. That comes out to close to $3.9 Million per year. Healthcare is the costliest industry and the United States is the most expensive country. Healthcare is closely followed by Financial, Energy, Industrial, Pharma and Technology industries.
Even more alarming than the cost is the average lifecycle of a data breach. It is a statistical fact that the average time to identify and contain a breach is 279 days with the lifecycle of a malicious attack from breach to containment being 314 days. These are only the immediate costs of a data breach. The longtail costs will span years with 67% of the costs occurring in the first year, 22% occurring in the second year, and 11% for several years thereafter.
Layer 8 Security can help implement a practical, phased approach to established an Information Security and Data Risk Management program – we take a layered and phased approach to implementing a continuously improving methodology framework, using HITRUST CSF Certification as the end goal.
While any company can simply push the button to implement the HITRUST CSF we believe in a more prepared and proactive approach that can help significantly reduce the cost and improve the success rate of HITRUST CSF Certification. Why HITRUST?
Benefits of the HITRUST CSF in Risk Management, Information Security, and Data Privacy
The HITRUST CSF incorporates existing, globally recognized standards to reduce the risks of non-compliance. The HITRUST CSF is scalable according to the size, type and complexity of your company. It provides clear, actionable guidelines in a prescriptive format and continuously evolves with changing regulations, industry best practices and state of the art technology to help you navigate in an ever-changing information security and privacy ecosystem.
We invite you to a free consultation with one of our HITRUST SMEs to talk about how Layer 8 Security and HITRUST CSF Preparation and Certification can help you protect your business – “Our Business is keeping you in Business.”
Remember – you can use Aluminum or Bronze. But Copper is the pipe we recommend using. “It costs money. It costs money because it saves money.”