In the era of three-letter acronyms - many of which have spawned billion-dollar industries - it turns out that reputation is a critical motivator for investments in IT, legal and compliance.
One of these acronyms is PCI - the Payment Card Industry Standard. In short, if you are a retailer or merchant processing credit or debit cards, you need to comply or get fined. But the real motivator is loss of reputation. As Michael says:
PCI is good, strong, it has the right ideas and motives, but it doesn’t cost enough to ignore. £500,000 isn’t enough for a big push, or even the big publicity to generate more talk around a big push. The loss of brand reputation absolutely is.
Just look at the TJ Maxx case. The reputational damage is now extreme and a major communications issue. I wonder how many communications teams are working with the IT teams on crisis planning related to IT compliance? If not, get going...