Survey: Cybersecurity pros endorse data breach notification rules

Three quarters of ISACA members say they support Obama's proposal

More than three-quarters of ISACA members support a data breach notification proposal from President Barack Obama.

U.S. President Barack Obama's call for a nationwide data breach notification law has won strong support from members of one cybersecurity-focused organization.

More than three quarters of ISACA members surveyed by the cybersecurity training and benchmarking organization said they agreed or strongly agreed with Obama's proposal to require breached organizations to notify affected customers within 30 days. Only about 8 percent of the 3,400 respondents said they disagreed or strongly disagreed. Most of ISACA's 115,000 members are IT professionals.

Asked what the biggest challenge would be for companies complying with a breach notification law, 55 percent of those surveyed said it would be a concern over corporate reputation. Another 15 percent said the biggest challenge would be systems not designed for data breach reporting, and 13 percent said increased costs.

More data breach reporting will lead to companies taking new steps to protect their data, said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. A new law will make cybersecurity "an agenda item" among company leaders, he said. "There are some organizations potentially not giving this the level of diligence they should."

Obama is expected to call for a breach notification law during his State of the Union speech Tuesday evening. More than 45 states have their own breach notification laws, but there's no national standard. U.S. lawmakers have been trying to pass a national law for about a decade without success.

Obama is also expected to propose new ways to allow organizations to share cyberthreat information with each other and with government agencies, with protection from lawsuits. While some cyberthreat sharing proposals have raised concerns among privacy advocates, the U.S. needs to find ways to allow companies and government agencies to alert each other of attacks, Stroud said.

A threat information-sharing bill would be a "great initiative," Stroud said. "If Washington acts, we hope they take a clear and straightforward approach, working in close coordination with industry."

The ISACA survey, completed last week, also asked respondents whether they expect a cyberattack to strike their organizations in 2015. Only 46 percent said they expect a cyberattack, while 24 percent said they were unsure.

Respondents may have read the question to mean a major cyberattack, not more common probing of their networks for weaknesses, Stroud said. "At many organizations, probably every day, there is an attempt" to gain entry into a company's system, he said.

Thirty-eight percent of respondents said their organization is prepared for a sophisticated cyberattack, while 34 percent said they were unsure. Eighty-three percent said they believe cyberattacks are among the three biggest threats facing organizations.

Asked if there is a shortage of skilled cybersecurity workers, 86 percent agreed. Thirty-four percent said they plan to hire more cybersecurity workers in 2015 but expect the search to be difficult. Only 3 percent plan to hire and expect it to be easy to find skilled candidates.

And 54 percent said they find it difficult to identify which new college graduates have adequate skills and knowledge.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is


Grant Gross

IDG News Service