It seems like every time we turn on the news we're confronted with a story about a high-profile company suffering a major data breach that has affected thousands, if not millions, of their customers.

Unfortunately, we're in danger of becoming immune to these stories, seeing them as nothing more than business as usual.

The truth is, data security has never been more important. The introduction of the EU's General Data Protection Regulation (GDPR) was testament to that, forcing companies across the globe to get serious about how they collect, store and destroy the personal information of their customers.

The state of California has also passed its own law that mimics GDPR in order to boost the rights consumers have surrounding their own data.

As a result, a growing number of companies are actively hiring a dedicated CISO/CSO (Chief Information Security/Chief Security Officer) to help them handle sensitive data and mitigate the very real threat of data leaks or breaches that can cost organisations both financially and in terms of reputation amongst their customers.

According to Ponemon Institute's 2017 Cost of Data Breach Study, in 2017 the average cost of a data breach across the ASEAN region was US$2.29 million. The report also found that appointing a CISO could reduce the cost of said breach by about US$5 per stolen record.

While hiring a CISO has its clear benefits, it doesn't guarantee your business won't be hit by a cyberattack. However, there is very little downside to improving internal security practices and hiring someone with a fundamental understanding of how security systems work.

The role of the CISO

As the nature of the threat landscape has evolved over the past few years, so too has the role of the CISO. A position that was once purely focused on the technical has now become more business-orientated, with CISOs needing to take a proactive and business-focused approach to security.

While the role still oversees the hiring of an internal security team, CISOs must now also take responsibility for deploying security hardware; setting, reinforcing and updating a company-wide security strategy; and auditing current systems to monitor any potential security flaws and mitigate future risks.

With different countries and continents implementing their own data governance laws, having a dedicated CISO can also prove crucial in allowing your organisation to conduct business overseas.

Why CISOs matter more than ever in 2019

Between 27th June and 4th July this year, a cybercriminal gang stole the medical records of 1.5 million citizens from one of Singapore's biggest healthcare groups, SingHealth.

The hackers used a malware-infected computer to gain access to the database, but officials said there had been a sustained and specific attack against the Prime Minister, Lee Hsien Loong, whose medical records were stolen in this breach.

In July 2016, Vietnam Airlines suffered a data breach that saw hackers get their hands on the personal information relating to 410,000 customers. The attack was carried out by self-proclaimed Chinese hackers who compromised the national flag carrier's website.

The data stolen, which was then leaked on the internet, belonged to VIP members of the airline's Lotusmiles scheme. It included names, birthdays and addresses.

Despite the continued growth of the digital economy throughout the ASEAN region, levels of cybersecurity readiness fluctuate significantly from country to country. To date, Malaysia, Singapore and the Philippines have some data privacy laws in place.

Furthermore, a report by A.T. Kearney states that the region is a hotbed for cyberattacks, with countries like Vietnam and Indonesia playing host to significant amounts of suspicious web activity and malware launch pads.

As a nation, Singapore has a robust cybersecurity infrastructure. However, research by ServiceNow has shown that CISOs in Singapore are, on average, lacking the resources necessary to make their company's security strategy a success.

However, earlier this month, the Data Protection Excellence Network announced plans to provide better support for recruiters in boosting the number of Data Protection Officers (DPOs) in the region.

Advertised positions for data privacy experts in Singapore grew 23% year-on-year in September 2018, compared to the same period last year.

Unfortunately, this is not enough to mitigate the security concerns dominating the rest of the continent.

An overwhelming 75% of CISOs in Asia are worried that data breaches are going unaddressed, with a further 71% raising concerns about their ability to even detect the breach in the first place.

Does your organisation need a CISO?

For the majority of large-scale organisations, employing a CISO makes sense from both a financial and a security perspective.

As the threat landscape becomes harder to navigate, leaving the safety of personal data to chance is a risk most companies are no longer willing to take.

However, for smaller companies that lack the budget, structure or means to hire a dedicated security officer, there are alternative solutions that can be put in place.

Traditionally, the CIO would take responsibility for data security; therefore, absorbing the role of the CISO back into that of the CIO could help to temporarily bridge the security gap.

The bottom line is, whether it's your CISO, DPO or someone else inside your company that has responsibility for your security strategy, ensuring they have the budget and support they need to do their job is fundamental.

As threat actors get smarter and cyberattacks become more sophisticated, the security of your company and the data it holds is far too valuable to be left at risk.