A featured contribution from Leadership Perspectives: a curated forum reserved for leaders nominated by our subscribers and vetted by the Construction Business Review Advisory Board.

Realogy Holdings Corp

Richard Mendoza, Senior Director, Data Privacy & Regulatory Compliance

Data Safeguards: Managing Costs Vs Risks

The year-over-year expansion of Information Security and Data Privacy budgets has started to slow significantly. The average Information Security/Data Privacy budget is close to 10% of the overall IT budget, but what we are seeing is spending that sits at the 2020 limits rather than growing as you would expect. Is Information Security becoming less of a priority to management or the Board of Directors (BoD)? I would say no, and a study by the Ponemon Institute found that “83% of directors describe themselves as at least ‘moderately’ engaged with overseeing the risk of cyber attacks” (Cyber Security Becomes a Boardroom Priority | Directorpoint). This is very significant and does not align with the data on slowing security budgets. What is the disconnect? We can see several trends and potential reasons, but the prevailing feeling seems to be to get the most out of what you have and avoid the new “shiny” toys. So, if 83% of the BoD cares about cybersecurity, and the SEC is requiring specific cybersecurity oversight by the BoD (SEC.gov | SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies), how do Information Security/Data Privacy groups manage this?


This quandary requires IT professionals to take a much more business-oriented approach to safeguarding assets and data and to make decisions on a risk basis. This is not a new concept, but it is now a narrative that will resonate with senior management and the BoD and be the proverbial good story to tell. From talking with colleagues in companies of different sizes and industries, one way to approach your strategic and steady-state operations is to bucket controls into four (4) categories and budget based on criticality:


• Crown Jewels (40%)


• Technical (30%)


• Regulatory (20%)


• Administrative (10%)


The percentages are just an example, but would likely be close after your initial analysis. When I say Crown Jewels, it may overlap the other areas, but knowing what drives the company’s revenue and what is critical to the organization should be a priority. The CISO function is as much a technical expert as a business leader in our current data-centric world. This requires the CISO and information security group to be a partner and not in the Yes or No business. If a business process is facilitating a Crown Jewel component, then moving resources to safeguard that aspect should be imperative for any IT/Security leader.


The Technical controls can be adjusted based on the risk of the assets and data along with the culture of your organization. 


The culture is important because strict controls in a company that is not acclimated to them can create user experience issues and can thwart the overall mission.


This is where a leader needs to build those partnerships, get management buy-in, understand the data and implement accordingly. When we think of risk/cost and technical controls, the following items can provide robust security without requiring substantial cost:


• Monitoring/SIEM tool


• Encryption in-transit


• Malicious Activity blocking, not just detection (there is a big difference)


• Incident Management Tool


• API Security


In our new world of seamless data provisioning, these items can provide appropriate data safeguards and not disrupt the business processes that drive profits, innovation, and required data sharing.


The Regulatory side can be a difficult path to maneuver and is fraught with pitfalls and paradigm shifts in the legislative landscape. Every CISO has it ingrained in them that they need to meet all compliance guidelines or the world will end. This is not the case, but being adept at what is needed is critical. To meet this need, the following items must be in place to cover a broad spectrum of domestic/global compliance requirements:


• Data/Asset Inventory


• Ability to respond to data subject access requests (DSAR)


• Partnership w/Legal and Internal Audit


The items above allow teams that need to run lean to hit the necessary marks and share costs/resources across the enterprise.


The Administrative side of the house is the least visible but pays dividends for the entire user base. This is focused on the user training, learning, and communications portion of the program. This requirement spans all areas and makes sure employees and contractors are well versed and understand how to safeguard data and be risk-averse, when applicable. Another component is communicating initiatives to the user base and explaining them to ensure awareness and buy-in. This is a lost art in organizations today: being able to articulate the “why”, show what the business gets from the hard work, and push past the regulatory fatigue.


In conclusion, this is a fast-moving world, and if you don’t stop and look around you might miss it. Following some of the items detailed above can position your organization to optimize controls and allocate costs/resources most efficiently.


The articles from these contributors are based on their personal expertise and viewpoints, and do not necessarily reflect the opinions of their employers or affiliated organizations.