One of the questions that I am sometimes asked is how important cybersecurity really is in terms of its true value for businesses.
“Everyone has already been breached, and there is no privacy anymore,” the question goes. “So why should I spend so much money to protect my data that has already leaked or will probably eventually leak anyway?”
While such a question is fair, appropriate, and powerful, it makes several incorrect assumptions, and it does have an excellent answer.
In terms of the erroneous reasoning, it is important to understand that while there certainly have been many serious data breaches in recent years, the vast majority of sensitive information belonging to both individuals and businesses has not yet been compromised. Consider what data typically leaks during most breaches – databases of usernames and passwords, credit card numbers, etc.; while there certainly are exceptions, in general we do not find that hackers have successfully stolen the full email archives, research and development records, and other extremely sensitive materials belonging to most corporations. Furthermore, new sensitive material is created every day – so even when such data is stolen, data created after the breach (which may also contain information as to the organization’s investigation into the breach as well as how it plans to prevent similar breaches in the future and) may be secure.
Additionally, privacy is not dead – for those who seek it and are willing to forgo certain conveniences, privacy is both alive and well. Of course, privacy is not a black-and-white type of concept either; there are many levels that are possible, and people will arrive at different wants when they weigh the pros and cons of using any privacy-compromising offering or setting.