When was the last time you heard someone say that something had “slipped through the cracks?”
It’s a common enough euphemism. We generally use it when we’re negligent in some way–forgetting to do something important, missing a salient detail, or making a small mistake that may have large consequences.
It also implies that while we made a good effort to lock everything up tightly, we couldn’t achieve a perfect, airtight seal, so–improbably–something got by, and “oh well, stuff happens.” It’s more of an excuse, really, almost an attitude. And most of us seem content to let transgressors who offer the “cracks” explanation slide.
I wonder if we would be so blas? and charitable, however, if what slipped through the cracks brought our agencies or companies to their proverbial knees. If a carrier’s CIO says, “Whoops (chuckle, chuckle), looks like I forgot to turn on the firewall after I rebooted the systems and our entire network is compromised with malware, shutting us down for the next 18 hours,” are we going to be OK with the explanation that something “slipped through the cracks?” Probably not.
Yet, our industry seems disturbingly comfortable with tolerating the “cracks” when it comes to the security of the huge volumes of personal, sensitive data we handle daily.
At an industry conference panel earlier this year, I brought up the very real problem of ensuring data security in the insurance industry. Another panelist–a respected analyst–dismissed the entire subject, asserting that data security is “a lights-on issue.” In other words, as long as we flip the switch and turn on the “lights” of our security systems, all should be fine. Why even discuss something that can be so easily dealt with?
Presumably, then, any security breach that does occur happens because “something slipped through the cracks” of our defenses–either technological or personal. It’s regrettable, but what can one do?