What's Wrong with the Current State of Data Security


Data Security blog pic
Data Security is essential in a world full of technology, especially within the event industry. The pandemic caused many events to go virtual over the past year. Data attackers have noticed this, and have begun to take advantage of the circumstances. An increase in attacks makes data security more important than ever.

Despite the importance of data security, some organizations are in a state of complacency, leaving themselves vulnerable to attacks. Below are a few of the common misconceptions surrounding data security that may be holding back your security efforts.

  1. If a breach occurs, we can survive it.

Many organizations believe that if their data were to become compromised that while it may be inconvenient, they would be capable of returning to business as usual. However, this is not always the truth, especially for smaller organizations. On average, a data breach can cost a US-based company $8.19 million, with the average cost being $242 per breached record (Digital Guardian).

A simple cost-benefit analysis may show the actual damages consisting of costs associated with contacting clients, litigation fees, and settlement claims, but the most crucial element is unmeasurable. That is the reputational damage that comes with a breach of security. The loss of business is the number one cost of data breaches today (UpGuard). As an organizer of events, attendees and participants trust you with very sensitive information, and a breach causes them to lose confidence that you can keep their data safe. For a small organization, there’s no guarantee that you can gain that confidence and trust back. For larger organizations, it can still be challenging to regain clients’ trust without a solid plan and much investment.

  1. Our organization is too small to attract attackers

Too often small organizations are caught off guard by attacks because they are under the impression that attackers only go after big organizations. In reality, small organizations are often more attractive to attackers than big organizations, with 43% of cyber-attacks targeting small businesses (Fundera) and 86% of breaches seeking financial gain (Digital Guardian).

Attackers understand that small organizations may not have the same investments in data security that larger organizations may have. Also, attackers can often use access gained to a small organization to attack any big organization the smaller organizations may be working with. As we talked about in the last section, small organizations often have the most to lose in the event of a breach and would have a difficult road ahead of them in rebuilding their reputation.

  1. We adhere to the proper industry regulations, so we are safe.

Another common belief is that industry regulations and standards are always enough to protect your data. The fact of the matter is, not all companies are the same, not to mention industry standards and regulations are simply minimum protection requirements that all organizations will meet.

Nearly 50% of U.S. companies have experienced a data breach (Comparitech). While something works for one organization, it may not work for all organizations. Also, data attackers are constantly learning and evolving past these standards, so getting caught chasing one standard to the next, can leave you one step behind attackers. The most secure organizations use data industry standards and regulations as a starting point and do everything they can to improve their efforts beyond there. About 75% of organizers plan to continue running hybrid events, at least through 2022 (MIT Magazine), so the virtual presence of events isn’t going away anytime soon. Therefore heightened threats of data attacks are here to stay as well.

  1. What can you do?

Are you confident that your tech providers are doing everything they can to prevent a breach of your data? How do they ensure the security and integrity of the event data they host for your customers and attendees? Here are a few questions to ask your service provider:

    • Have they completed a SOC 2 assessment or a PCI survey? 
    • Do they have an incident management plan?
    • Have they done quarterly tabletop exercises?

These questions could be the determining factor in whether your organization is ready for the threats of today’s digital environment. To learn more about data security and how to evaluate your current event tech provider, download our Event Marketer’s Guide to Data Security. This guide will teach you what you need to know about data security and provide you with a few questions to ask your event service provider to ensure that they are keeping your data safe. When it comes to data security, please don’t wait until it’s too late.