Compliance Unfiltered is TCT’s tell-it-like-it-is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.

Show Notes: The True Cost of a Data Breach

Quick Take

On this episode of Compliance Unfiltered, Adam and Todd get into an in-depth discussion on the overarching “why behind the what” of Data Breaches.

The CU guys will cover, at length, the ethos behind most data breaches – Why and how they occurred, and how they can be avoided in the future.

Think your company is too small to be impacted by a data breach? Thinking that your mom-and-pop operation wouldn’t be of much interest to the bad guys? Well, you’d be dead wrong, and Adam will show you exactly why that is.

All these answers and more, on this week’s Compliance Unfiltered.


So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.
Now, here’s your host, Todd Coshow, with Adam Goslin.

Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow, alongside the Wasabi, to your compliance umikaze. Mr. Adam Goslin, how the heck are you, sir? I’m doing good. We happen to be recording this right after Thanksgiving, so still kind of recovering from all the food and all that fun stuff. Yeah, a straight diet of tryptophan will get you over a couple of days, I’ll tell you what.

But listen, Adam, before we get started this week, I wanted to take a second. You know, I just wanted to thank the folks that listen to us each and every week, and just let them know that we greatly appreciate them, and wanted to ask a favor. If you listen to the podcast and you’re a fan, tell a friend who works in the space, or who doesn’t work in the space and just likes witty banter about compliance, share the podcast, write a review for us, it really helps us in the rankings. Let them know that Compliance Unfiltered is their spot for compliance talk. We’d really appreciate it. Share the Compliance Unfiltered love out there, Adam. And yeah, we just want to thank the listeners each and every week for their time and effort. Yeah, and you know, I’ll follow on to that. I totally agree. We’re very appreciative for the listeners tuning in. And hopefully, hopefully we give them a little, a little levity in the, you know, as they’re trudging through their compliance hell. But you know, long story short, if you, if you know somebody that is attempting to manage their compliance engagements with spreadsheets for all. They still exist. For all that’s holy and true, do me a favor. Tell them about TCT. You know, the reality is, is that we got into this space, you know, well over a decade ago to help people make compliance management suck less. You know, have good, go send them over to gettct.com so they can get connected with us. We’d really appreciate it. I can say with assurance that they, they will as well, just a fun, fun sideline fact.

It was, we had a call today. We had a call today with an organization that’s coming on. And this poor lady’s been dealing with managing her engagement through spreadsheets and just hating every minute of it. And it was, it’s part of what kind of jazzes me up about just watching the light bulbs go on, you know, with the folks that, you know, kind of make that migration from spreadsheet world to, hey, I’m going to actually use a system to go do this better. It was just freaking great watching the light bulbs going on, going on. Oh, that’s exactly why I started this company. So it’s just, it is an absolute freaking blast being able to accomplish that goal of helping people make compliance management suck less. It’s just, it warms my heart. Absolutely, absolutely.

Well, hey, let’s get into it, Adam. One of the most hotly talked about topics in the security and compliance space. We’re chatting about it today, Adam. Let’s talk about the cost of a data breach. So let’s start with the head space of most companies. Why do they really seem to take, why don’t they really seem to take a breach seriously? You always hear about folks going, yeah, well, you know, we’ll sort it out if it happens. It’s really, it can’t be that big of a deal, can it? Well, for most of these organizations, you know, most, it’s funny, the kind of head space that they get into. You know, most of them, they just straight, they figure, well, it’s never going to happen to me. Whether it’s I’m too small or we don’t have enough interesting stuff for somebody to care about. You know, the reality is that every single organization out there, you know, is a target, and that’s what, that’s what these guys are missing. You know, there’s a lot of companies that, you know, they find themselves, you know, kind of getting it, get there. They’re getting up. They’re getting ready to go into their miscellaneous Tuesday and, you know, and all of a sudden, you know, the company starts getting lit up on Google and things are hitting the news and, you know, and whatnot, and it’s the beginnings. It’s a starting point for these organizations that, you know, Houston, we have a problem. And I’ll tell you what, man. They’re probably, for most people, especially those in IT, you know, there aren’t many days that are gonna suck more than that day, and it’s gonna suck for a while. So, you know, it’s just strange how these organizations, they kind of just go under this delusion that it’s not going to happen to me. So it’s a little crazy.

Well, what type of companies do security issues impact? Like is it only certain verticals or only certain large companies? How does that work? Well, the thing that the listener needs to realize, you know, and actually this is a perfect topic. If you’ve got folks that are delusional about their state of security and it’s not going to happen to me, this might be the podcast to go fire over their way. You know, the one thing that they don’t understand is that the bad guys, what they do when they’re out and searching for targets, a lot of people, yes, there are certain attacks which are absolutely directed attacks at specific companies or specific people at companies with a specific objective. That is quite frankly, the rare exception, that it’s some type of a targeted attack. More often than not, what the bad guys are doing is they’re basically, you know, rando going through IP addresses. And the example that I give to people is this. Okay, you think back, right? To back in the day, some of the younger listeners aren’t even going to be able to relate to this, but the ones that have a little gray going on, definitely will, you know, but you go back to the days when we used to have the unlisted phone numbers, right? And so you paid, what you’d have to do is you have to pay money to the phone company and you would end up getting your telephone number unlisted. And that was supposed to get cut way down on people, you know, calling your phone and doing sales calls and things like that. That would keep you out of the yellow pages, so your phone number wasn’t listed, because at the time that was the only way you could find phone numbers and whatnot, so you could keep yourself out of the yellow pages, white pages of the phone book, if you will. And that would supposedly cut down, right?
And all of a sudden your phone rings on some miscellaneous Thursday evening and it’s somebody trying to sell you windows or whatever, and it’s this horrified look on these people’s faces, right? How did they get the number, you know, type of a thing? Well, it’s just, you know, Bob at the window company is just random dialing effing numbers, trying to get somebody to pick up the damn phone. Right. You know, and the same thing happens with the bad guys in the technology arena.

Now basically every internet facing system out there is addressable through of series through four three digit numbers separated by a period. So what they’ll do is they’ll go to 1.1.1.1. You know, anything there? Nope, okay. Now I’m gonna try 1.1.1.2. And then basically run through every freaking IP address, known to man, and all they’re looking for is signs of life. You know, once they find some sign of life, then they start passing it to different groups which will do different tests to try to identify what type of a device is this? What is the end point that I’m hitting? You know, can I tell what operating system it has? What type of software does it have on it? And they have this stuff is dialed, it is tuned. And you can literally, they will literally in minutes be able to go from randomly finding your system to all of a sudden knowing a hell of a lot about it with several rounds of different tests, etc, that they go in and do. I bring this up because, you know, for those companies that are like, I’m too small or I don’t have interesting stuff. The bad guys don’t care. Well, all they care about is I wanna find a system that’s, you know, coming back with any form of response, try to figure out what I can do with it. And, you know, they’ll figure out if it’s a worthwhile target once they’ve already gotten through the door, you know, and so it’s too late once, you know, once they get to that point, oh, they’re perusing your systems and trying to figure out what you’ve got. You know, a lot of people think, well, all I got is first names, last names, phone numbers, emails, you know, that type of thing, right? Quote, publicly available information. Guess what? Your customer doesn’t care.
Your customer is expecting that you’re protecting their personal information, even if it’s just PII, the clients are going to hit clients or public, whoever your customers are, they’re still going to go in and hit the freaking ceiling tiles.

You asked about the type of companies that kind of get hit and as I kind of think through and the vast majority of the things I’m about to go bring up, literally happened within about the last year and a half, but these are just some examples to kind of show the listeners the breadth of systems that have problems, etc, but there are hotels that are getting hit with hacks for the key cards for the, for the hotel doors. There’s, you know, ChatGPT, you know, had their user accounts hacked with credentials stolen, you know. There’s banking Trojans that are being leveraged on the mobile platforms, Seiko watchmaker, they had a targeted attack where the attackers were literally going after patents and patentable materials and proprietary data and things along those lines, that type of thing, you know. We have casinos that got hit with ransomware, Ticketmaster got hammered with, you know, five hundred sixty million user accounts, you know, we’ve had other types of security events that happened, you know, people hacking bluetooth toilets, and, you know, vehicle manufacturers that, you know, 25 different manufacturers were recently found collecting too much personal information from the car systems, etc. The list literally goes on and on and on, there’s no end to it. So, you know, your question was, you know, hey, what types of companies are ones that are targets, frickin everybody’s a target. You’re not avoiding it. You know, I mean. I do.

Now, we’ve spoken before in detail on this topic, but what’s the biggest bad assumption companies can make? No, I won’t go into a terribly, terribly large level of depth on this one. But the biggest threat to come to most organizations that I’ve seen out there are either organizations that had a problem and needed help or organizations that, you know, that just don’t quite get it. I was doing a speaking engagement some years ago along with, at the time, Congressman Mike Rogers, who is the chairman for the House Permanent Select Committee on Intelligence, and he said, hey, if your IT person tells you your company’s fine, you don’t need to worry about security, then you should just fire them. Well, I don’t know that I would quite go that far. The IT folks of the world are a fine group, the problem really is that the organization as a whole is making some bad assumptions about the fact that their developer, their network administrator, their outsourced IT support company, that these people just know how to do their job securely. You know, and I’ll put it in perspective, you know, if I go into my office, and you know, in the medical arena, if I go into my general practitioner and mandate that I have either heart surgery or brain surgery performed by them, they’re going to refer you to a specialist. And the thing that organizations need to get through their heads is this, your devs, your net admins, your IT support company, maybe they do a freaking great job at what they do. But the vast majority of these people, they’re generalists in the IT space. They can do their job and do their job well. Security is a specialty. So it doesn’t mean that just because they can spell IT, that they can spell security too, you know, type of deal. You know, the other bad assumption that I see a lot of organizations make, they go, oh, well, you know, we don’t have to worry about it.
We have our stuff hosted at a location that’s already, fill in the blank, compliant, PCI, HIPAA, SOC 2, ISO, whatever, you know, so we’re in this facility and it’s, you know, it’s certified. So that means we’re good. And you know, the reality is, is that for these organizations, they need to realize that their hosting company, I don’t care who it is, is only providing some security aspects, but not everything. The devil’s in the details of their certifications. You know, you need to look into, you know, what type of scope did they cover? What are the client, what are the declared client responsibilities in this relationship, etc? I mean, you know, you’ve got to go through and really clearly understand what is the relationship between you and your hosting organization, so that you can appropriately kind of, you know, take responsibility for, you know, some of the, what’s the word I’m looking for, you know, for some of the responsibilities that the target organization needs to take on and which elements are you going to benefit from as it relates to your hosting provider.

What are some of the recent stats for the value of data in the marketplace? How much are these folks actually gonna get from doing these nefarious things? Well I mean it depends on what all they’re after right. I mean you know these are some relatively recent stats etc you know but you know just throw out some different examples you know somebody that can get a hold of an Amazon account that you know that’s worth about twenty five twenty five bucks on the black market. You know Coinbase crypto account that’s worth about two fifty on the on the black market, a cash app verified account. $8.60, a debit card with all the associated credentials, etc, over $1,300, PayPal account, $45, a credit card with personal information, $110, etc. So forged Walmart prescription labels, $100 a label, that type of thing. So it’s all over the board, and it depends. The dollar amounts and the pricing, etc, it really is a combination of, well, number one, what types of controls are being put on those systems, how well they’re able to readily detect fraud will make it less valuable. Because I may only be able to use it for a very brief period of time. The other factor in there is, how much can I go ahead and monetize this particular piece of information? So debit card with all the full credentials, etc, north of $1,300, well, guess what? They can just go ahead and hit that. They’re probably going to be able to peel the cash dollars right out of the account, same thing with the cash app. So it just depends on what it is that the attacker has gotten their mitts on. The other thing is, and this is something that will strike people as surprising, is that a social security number, as an example, versus a medical ID. A medical ID is worth 50 times what a social security number is. Why? Well, because the medical ID, they can go ahead and get a much higher payout off a medical ID than they can with a social number these days. They can do all sorts of fun stuff with the medical information. 
They can go ahead and take insurance fraud. They can do prescription fraud, there’s a bunch of different ways that they can go ahead and relate, kind of relate the data as it turns out. So, yeah, it’s kind of entertaining some of the differing values of data in the marketplace these days.

Indeed. Now let’s talk about breach risk for the listener to really make the topic relatable. Tell me about how it relates to folks that are listening to this particular podcast. Yeah, so one thing that I want everybody to do as they’re listening through this is, as I start kind of walking through this, I want you to start tallying up numbers of records, okay? So, you know, as an example, employees. This isn’t just how many employees do we have today, but this is how many employees do we possess information about the employees. So think about your past employees. How many of those do you have, etc. So tally up that number. Tally up the number of customers that you have depending on what type of an organization. You may have clients of your customers data. So throw those into the mix too. As you start to tally up the different information, different records that you’ve got, etc. You know, there’s a, there’s another factor here which kind of plays into, you know, we talked about it earlier, the value of data. It depends on what type of data that your organization has. You know, maybe you have credit card data. Maybe you have, you know, medical data. Maybe you have personally identifiable information only. You know, phone numbers and emails and addresses. You know, things along those lines. But keep in mind in the kind of PII space that’s where your driver’s license is. That’s where your social security numbers are going to fit in. You know, things along those lines. So just tally up all of those numbers. I would say for an average, you know, for an average organization I don’t think it would be unreasonable that pretty much anybody in business could make 2,200 records as an example. But maybe your organization has 10,000 records. Maybe your organization has 80,000 records. You know, just as you were tallying that number up keep that number in mind. I’m gonna use 2,200 and as an easy mark to hit as we kind of go through this.
But there’s other things that when you’re talking about the breach risk and whether it’s worth protecting. You know we’re also talking about things like and I brought this up earlier when I was talking about things going on in the news with Seiko. You’ve got intellectual capital. You know you’re in business for a reason. Now somebody out there thinks that you’re worthwhile paying money for your product or your service or whatever you know and the work that you did to get to the point that you’re at now, there were costs that you sunk in for development you know development of the product development, of the software whatever it may be you’ve got number of years that you’ve invested into it. You have a uniqueness factor you know of what you do and how you do your secret sauce if you will. You know this could be a process ,an idea, a product, it just depends. And also what we’re talking about things we’re protecting you know think about think about if you have something that’s really unique where you’ve got you know patentable, information, data, technology, specs, whatever it may be, you know, if you have patents that you’re busily working away on, you know, keep in mind that, you know, if you’re still in the process of, you know, generating the information for the patents, there’s an implication here, which is the first person that goes and files the patent, hey, guess what? They win, you know, and there’s actually organizations that have had their information stolen from them, patents filed, and quite literally the entire business centered on, you know, centered on the use of that patent, and some of these organizations were quite literally forced into a position where they needed to pay the bad guys for use of the patent that they developed that the bad guys stole.

So yeah, it’s a cold world out there. Especially when you’re talking about December in Michigan. No doubt about that now. Now, a lot of folks can’t believe how expensive breaches are. So what are the kinds of expenses that come into play for a company that was breached? You know, actually you want to know what, do me a favor. I’m going to hold that one because there was something else I wanted to get into here before I leave this topic. So I’ll ask you. What do you got for us? So remember, I was saying to the listeners to hold on to that whole, you know, I’m using 2200, you know, as my number. But in terms of the breach cost measurement, here’s where the number you came up with is going to kind of come into play for those that are playing along at home. There is an organization. It’s actually located in northern Michigan called the Ponemon Institute. And you see a lot of these various, you know, cost of a data breach, etc, etc. The one thing that I’ve always really liked about their particular study, they do an annual cost of a breach study.
The latest one was their 2024 study. It was released in July. And the cool part about this one is, 604 different companies located across 16 different countries across 17 different industry sectors. So this is a pretty broad spectrum of real organizations that really got breached, that opted to participate anonymously in this study. The other cool part I really like about this one is, they use, I’m gonna call it reasonable record counts. So the number of records that were stolen. This isn’t the Ticketmaster 560 million, you know, isn’t thrown into this mix because it would dramatically skew things, right? So what they did is they kept the record counts between 2,100 records and 113,000 records. And so per record, around, the number in 2024 is around $181 a record, you know, was the average, you know, kind of across the study. So now that I come back to that 2,200 records, guess what? That 2,200 records at the 181, you’re looking at almost $400,000 is gonna be the cost of this breach. This is a tiny breach and we’re talking about 400 grand.
You know, the US average cost per breach is 9.36 million. So on average, those that were involved in this study, their real dollars that had to get paid was 9.36 million in their 2024 study. You know, so, you know, the one thing that I bring this up so that companies can really think about what they’re doing.

You know, I’ve heard the lip service, where, we’re too small or we don’t have anything they’re interested in, blah, blah, blah, blah, blah. Bottom line is, is that, you know, if you get hit, you know, with a breach, oh, you will wish that you had taken your security seriously because it will cost you big time. You know, and I would harken back to, we’ve done episodes on, I don’t wanna get into it today, but we’ve done full scale episodes on, you know, on cyber liability insurance, etc. For anybody that’s sitting there, you know, that’s, you know, kind of got a little pit in your stomach, etc, you definitely wanna go listen to the detail on the cyber liability insurance because that’ll be eye-opening as well.

But you know some of the key points from this particular study, a third you know almost a third of the breach costs were attributed to lost business you know 46% of the breaches it involved purely PII you know and these are the people that are getting hit with these big dollar amounts. Kind of scary part 258 days this was the average time to identify and contain the data breach for those that are in this study it took them 258 days yeah two-thirds of a year. yeah or um you know it was almost 200 days to realize they had an issue and then another you know north of two months to be able to get it contained you know type of a thing. So yeah I mean the companies literally are operating there day by day by day and going through two-thirds of a year before they go oh crap we got a problem you know. 42% of the breaches were identified by the internal security team and tools, a third of the breaches were identified by some benign third party, 25% of the breaches were actually the reason that they found out they had an issue is because the attacker you know basically put blinking lights on and said hey by the way you’ve got a big problem you know. And again we go back to that you know your Tuesday you know it’s a miscellaneous Tuesday that just goes to shit yeah that’s not fun when you know you find out that all your machines have been ransomwared and you know there’s a nice flashing symbol on all your computers.

Yeah, so causes of the breach. The top five reasons, again these are real companies that really got breached maliciously. One business email compromise was another phishing, was another stolen or compromised credentials and social engineering, you know. The only kind of shiny spot in here is that they did identify some factors that assisted in reducing the breach cost impact, so what they found is companies that were doing these things on average ended up having to, you know, less spend, you know, for their breach and those things included employee training programs, AI and machine learning insights in this, you know, security space. Tools they use as part of a security information and event management system otherwise known as a SIEM, you know, as well as incident response planning, you know, planning, testing, being prepared to be able to respond once they know that they’ve got an issue. But you know, it’s a pretty expensive game to be on the wrong side of the dice roll. No doubt. Now as we mentioned a lot of folks are really looking along the cost lines but are there other things that they need to think about when it comes to expenses around the cost of a breach. Well, you know, one of the questions I get a fair amount of the time, you know, I’ll have people listen to these numbers, right, it is part of the reason I like the Ponemon Institute, the fact that you can drill it down to cost per record, it now makes it relatable to the organization that we’re talking about.

It’s easy for people to just whip out these numbers. Oh, well, average, you know, just like the Ponemon Institute did it as well, where they’re like, oh, the average cost for a U.S. company that was in our study was 9.36 million. Well, what does that immediately do? Everybody goes, well, that wouldn’t be me. Right, I’m not average. Yeah, yeah, oh, I don’t have that much stuff, whatever. You know, bottom line is, is that these aren’t gigantic breaches that we’re talking about. These are reasonable record counts. I mean, you’re not gonna be that far off, but regardless whether you have, you know, 2,784 records or you’ve got 87,623 records, everybody can take the dollar amount per record and do the math. But one of the things that kind of is for the uninitiated in this arena, because I mean, if you think about it, right, of all the companies out there, it’s like every single one’s been breached and gone through this hell and da, da, da, da, it is a subset of the overall businesses that exist. But a common question that I’ll get is, you know, why in the hell does it cost so much money? So some examples of things that come up when you’re talking about breach costs, things like, I’m just gonna, whatever, I’m gonna kind of go all over the board. But, you know, things like, you know, professional security testing that you’re gonna need to do, a.k.a. penetration testing. You know, you’re gonna need somebody to come in and figure out, you know, where are the technical holes and, you know, blah, blah, that people can go tromp through. You know, is there one hole or are there 25 holes? Dunno, but find out, you know, doing some type of professional third-party risk assessment, having to bring in all sorts of different consulting fees, security specialists, assessors, you know, things like that, along those lines. Most certainly, a huge piece is going to be legal fees, right? Handling the breach, handling lawsuits, things along those lines. What else could be coming your way?
It could be regulatory fines. It could be coming off of, you know, it could be depending on what type of data, you know, got breached. You could be facing fines from the payment card industry. You could be facing fines from, you know, related to HIPAA and OCR. You could be facing fines from the SEC, you know, the regulatory fines coming down. The unfortunate part is that’s the type of stuff that’s coming down. That’s like the cherry on top that comes rolling down typically, you know, months to years down the road as a pleasant surprise, shall we say.

You know, what a lot of people find surprising is the amount of pain felt in the communication arena. You know, what types of communications do you need to pull it out? Individual notifications to individuals. Well, as I’m sitting here and I’m thinking about who all do I need to tell, right? Well, number one, it depends on you gotta get through some of these other activities that we’re running through. Just figure out what happened, you know, which records were potentially exposed, etc. That way I have a pool of potentially affected records and now I gotta go in and I gotta look at that data. Are these people that exist in just, let’s put it out or whatever, let’s say Arkansas. You know, are these only people that exist in Arkansas or with the type of nature of data that I’ve got, do I have breached records from California and Arkansas and Florida and Texas and Maine and Ohio as an example. So if I now have breached records across all of these various states, well now, depending on what type of data is gonna govern, what types of obligations and responsibilities I have for notifications, where the breach happened, or where the people were at, and almost every state has different breach notification laws. So as I’m trying to just piece this together, who do I need to tell what so that I can do my obligations and check the boxes of doing all the right things, etc. That’s a whole art form in and of itself. You know, obviously you’ve had a problem, so you’re gonna need to spruce up your employee training. There’s gonna need to be an investigation, AKA data forensics costs that are coming into play. You’re gonna have to bolster your security awareness program. Depending on what happened, what was the issue and what caused this, etc. You may need to make some massive changes in vendors, you need to make some modifications to which vendors you’ve got, swap one out for another, get three new vendors in place, etc. 
On top of all of that, if part of the issue was that you don’t possess the right people on your workforce to be able to appropriately handle this now that you’ve learned the tough lesson, you could have workforce changes. And trust me, people in the security space, I’ll tell you right now, they are not coming in cheap. So, you know, you may have to lay off some people just to get the right security people in, etc.

It’s a massive upheaval. But, you know, bottom line, you know, the bottom line, biggest, biggest long-term impact to your organization. And I say this to folks all the time, you know, you go talk to your salespeople. Ask them. Hey, how easy is it to go ahead and get a new client, and your salespeople are probably going to tell you how challenging it is. Well, can you imagine trying to be in that same position of selling, but every single freaking time that somebody goes and does a look up on your company, what do they see? They see in Google in lights and blah about all of the, you know, breach information and breach notifications and, and, and. There’s just this never ending story of breaches. Quite frankly, a lot of organizations, as they’re going through and even contemplating working with somebody, they’ll put the company name in and then add the word breach, you know, just to, just to see what comes up, you know. You know, it would be hell to try to attract organizations if you’re in that state. Certainly the other, you know, the other piece of it is that you’ve got, you know, a lot of people depend on their existing customer base, right, all our customers love us and, you know, blah, blah, blah. Guess what, you’re about to find out just how much they love you when they realize that you’ve now betrayed their trust. They trusted you with their information and their data and you’ve now betrayed that. You know, how much are they going to love you after that when they know that now they got an issue because of you. That’s one of the biggest hits, is companies, you know, are in this just absolute shit storm. All hell’s just broken loose, your name’s going up in lights, your existing clients are, you know, are justifiably asking what the hell’s going on, you’re not able to even give answers out of the gate.
Dude it just it is just horrifying I’ve watched companies go through this stuff and it’s definitely not fun, and my goal, my objective is to try to put companies into a position where they’ve done their best to mitigate the possibility of that happening to them.

Absolutely, parting shots and thoughts for the folks this week, Adam. Well, if I didn’t drill it home well enough so far, you know, honestly, man, I mean, companies got to take this seriously. Leaders of organizations, you know, look at your responsibilities to your customers, to your clients of your customers, to your vendors that depend on your organization, to your employees most importantly. You know, their livelihood, their paychecks are dependent on you guys as leaders of an organization taking this shit seriously. You know, it’s not an easy burden. It’s something that I have seen way too many companies deprioritize with the it won’t happen to us or we have other things to spend our money on or, you know, well, that’s just a cost center and we can’t afford it. Guess what, man? You can’t afford not to protect your organization, because otherwise if you get hit you very well could be, you know, heading on a train straight out of business. And that unfortunately happens with a lot of organizations out there. So take it seriously, get proactive. This stuff is not that challenging, if you are actually taking it seriously.

And that right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered. I’m Todd Coshow. And I’m Adam Goslin. Hope we helped to get you fired up to make your compliance suck less. Thanks for watching!
