On a recent interview about the Titan sub catastrophe, director of the movie Titanic James Cameron, who has made 33 successful dives to the Titanic wreckage site, pointed out that this tragedy is eerily similar to the 1912 Titanic disaster: the captain of the 1912 RMS Titanic was repeatedly warned about ice ahead of his ship, yet he plowed ahead at full speed into an ice field on a moonless night, resulting in the deaths of over 1,500 innocent souls.

The captain of the sub Titan and CEO of the company OceanGate, Stockton Rush, was also repeatedly warned about his vessel’s safety, lack of certification for the vessel’s integrity, lack of a tracking device (think airplane black box), their experimental approach to deep dives (despite the fact that this is a very mature and well-understood practice) and lack of a backup sub. He also proceeded to plow ahead at full speed, taking people in an extremely unsafe vehicle, also killing innocent people. If there was ever a case for willful negligence, this is it.

When it comes to IT security and compliance for small business, this kind of willful negligence is rampant. Sometimes it ends with an abrupt, catastrophic “implosion,” as with the Titan, where a company is destroyed by a ransomware attack, operations shut down, unable to transact, employees and clients harmed and their reputation tarnished.

In other cases, the risk is there but hasn’t been addressed because nothing bad has happened – yet. Willful negligence in IT security and regulatory compliance to data privacy and protection comes in three forms.

The first is willful ignorance. Some people running a business are young and inexperienced, too new to the business world to understand the risks they are incurring by failing to protect their clients and themselves. Often, they are being advised by the wrong people – an IT firm that knows how to make their tech work but lacks the expertise to implement good security protections. You kind of can’t blame them for getting it wrong initially, but at some point they’ll get smacked with a cyber-attack and learn the error of their ways the hard way.

The second type of willful negligence is willfully stupid.

This group CANNOT claim “ignorance” as their defense. They KNOW they should be protecting their business and their clients’ data from cyber-attacks. They’ve heard the stories, they know the laws and may have been warned by their IT company or person, but foolishly believe “that can’t happen to us,” or choose to assume they’re “fine” because they are using a cloud application that promises compliance (which is correct for THEM, not necessarily for YOU). They trust but don’t verify that their IT person or company is actually doing what they’re supposed to, and often lack cyber liability insurance, choosing to take the risk because they’re cheap or can’t be bothered.

The third type of willful negligence is, in my opinion, the TRUE meaning of willful negligence and the most immoral and unforgivable. Determined negligence. These people stubbornly insist on continuing to operate without proper security protocols in place, without a disaster recovery plan, without any insurance, without assessing and inspecting their environment, refusing to acknowledge ALL facts, history and evidence to the contrary. They know they are acting irresponsibly but don’t care.

After the tragedy of the sub, multiple experts came forward to point out all the risky behaviors Rush was allowing. The hull had not gone through any type of cyclical pressure testing or thermal expansion and contraction testing. The hatch could only be opened from the outside and not the inside, which wouldn’t allow them to escape if needed in the event of an emergency – one small fire inside would have been catastrophic. No atmospheric system to monitor interior gases such as oxygen, carbon dioxide and carbon monoxide. No emergency air breathing system. The viewing window was only certified to 4,000 feet, not the 12,500 feet of the Titanic wreck. But the most egregious of all was an egotistical assumption by the CEO that he knew better than everyone else around him.

I wonder if he put all of this in the brochure and explained that philosophy to the people in the sub who lost their lives that day.

Everyone makes mistakes. Everyone has a moment in their lives when they place trust in someone they shouldn’t. Everyone has blind spots, and we’re all ignorant and misinformed about something. The question is do you STAY willfully ignorant or stupid to the point of being determined to hold steady to your course of action to the point where you not only do harm to yourself, but to others as well?

If you do, it’s only a matter of time before you have your own ship sunk, your own personal Titanic-size wreck. Sadly, if you’re the CEO of a company that holds financial data, credit cards, medical records, tax returns, Social Security numbers, birthdays or even the contact details of your clients OR employees, YOUR willful negligence in cyber protection will absolutely harm others.

At AdRem Systems Corporation, we understand the gravity of the risks posed by willful negligence in IT security and compliance. Just like the Titanic and the tragic Titan sub incident, businesses that disregard the importance of robust cybersecurity measures are endangering not only themselves, but also their clients, employees, and partners.

We believe that it’s crucial to break away from the three forms of willful negligence. It’s time to take proactive steps to protect your business, safeguard your data, and ensure the trust your clients place in you is well-founded. As an experienced and reliable IT partner, we are committed to helping you navigate the treacherous waters of cyber threats and compliance challenges.

Implement these steps and start protecting your business:

  1. Assess Your Vulnerabilties: Understanding your vulnerabilities is the first step in building a robust defense against potential cyber-attacks.
  2. Implement Industry-Leading Solutions based on your assessment results, that are tailored to your unique business needs.
  3. Stay Informed and Educated: Cyber threats are ever-evolving, and it’s essential to stay informed about the latest risks and best practices. Read more about The Importance of Cybersecurity Training for Your Business in our blog.
  4. Develop a Disaster Recovery Plan: A solid Disaster Recovery Plan is a lifeline in times of crisis.
  5. Proactively Monitor Your Business Network: You need a dedicated team to continuously monitors your systems, detecting and neutralizing potential threats, promptly.
  6. Obtain Cyber Liability Insurance: We strongly advise you to consider Protecting your Business Needs with Cyber Insurance as an extra layer of protection. In the event of a breach, this insurance can mitigate financial losses and help you recover more quickly.

Don’t wait for a cyber disaster to strike. It’s time to take responsibility for the safety and security of your business and those you serve. Together, we can steer your organization away from the path of willful negligence and towards a future of resilience and success.

Contact Us today or fill out the form to schedule a short 10-min consultation and start building a robust cybersecurity fortress for your business. Let’s prevent your own personal Titanic-sized wreck and protect the trust of your clients and stakeholders.