Businesses and organisations need to keep their ‘A-Game’ as reports show that data breach costs are sharply increasing.
If they do not want to face fines and costs for failing to provide adequate security to their customers, they must step up.
In the growing digital era, it’s important that companies and organisations are equipped to fend off cyber hackers/attackers, as malicious techniques are used to gain unauthorised access to personal data.
Increase in cybercrime
Many companies are lulled into a false sense of security and the belief that they will never be a victim of cybercrime.
In reality, it has drastically increased, and a number of factors may explain this.
The U.K. has been identified as a hotspot for cybercrime, with 44% of most attacks happening within these shores, according to the Guardian. One of the main reasons, and the one that I would suggest seems most likely, is that companies are not putting in place adequate security to fend off attackers.
This was shown in a survey conducted by the accountancy company PwC, where one third of companies had no plans to prevent online fraud. Another reason could simply be that everything is becoming so digitalised nowadays. For example, cloud-based systems such as the Apple iCloud system are being used more; data such as photographs can be stored digitally there, and may therefore be at risk.
Regulations
The new General Data Protection Regulation (GDPR), which comes into force in 2018, will impose even more stringent fines on non-complying companies.
The most severe penalties are said to be set around the 20 million Euros mark, or up to 4% of the annual turnover, whichever sum is higher. Governments seem to be taking the rise in cybercrime more seriously, as it adversely affects their country’s economy.
Consequences
The risk and adverse consequences are shown in recent high-profile cyberattacks on major companies like the NHS, TalkTalk, Yahoo, and now mobile network Three. The Information Commissioner’s Office (ICO), which has the power to impose up to £500,000 in fines, fined TalkTalk £400,000 for the lack of secure protection on its customers’ accounts. It’s not just businesses that are victims of the attacks – in most cases, customers and everyday citizens are the ones who have to face the consequences of their information being passed around and sold on the so-called “dark web”.
Cyberattacks have the potential to bring down a company. A small to medium enterprise, for example, may not have the financial means to pay a fine caused by a data breach as well as keep the company going and cope with potential claims against it. The credibility and reputation of the company could also be damaged, as there would likely be bad press in the media, which may deter customers from using the company in the future.
After attacks, companies are expected to review their security and privacy settings and make changes if adequate protections are not in place. In most circumstances, this will put a strain on the company’s resources.
For small firms, the average cost of a data breach was valued at £190,000 last year. For larger companies, the average cost of a data breach rose from £800,000 in 2014 to £2.3 million last year, so you can see we are not playing with small amounts of money here. Those figures could damage companies beyond repair.
What businesses must do
It’s not enough for businesses to be complacent with their security protocols. They must continually review their security, and if the security team is not equipped to do so, they must hire more skilled people to ‘do the job’.
Prevention plans in combination with response plans are what all companies need. It’s no use having one or the other. If they do not have both, then they must feel the force of a fine. The Government is also seen to be ‘mucking in’. We know it has noticed the growth of cybercrime over the years, cemented by the Government pledging £860 million for cyber security programmes nationwide, which can help businesses and organisations prepare and be better equipped on cybersecurity.
Cooperation
Cooperation is also needed. Following the GDPR, companies will need to notify authorities of data breaches. Let’s hope that the new regulations will deter organisations from committing data breaches.