Cost of Data Breaches Will Keep On Getting Higher
We all know cyberattacks are a fact of business life these days and it is no longer a question of if you get attacked, but instead when will you be compromised.
When the ‘inevitable happened’, it used to be that a company was hit financially as a by-product of being hacked by cybercriminals due to factors like the impact on their reputation; customer loyalty and even share price.
High profile hacks of businesses like Target in the US resulted in large-scale customer desertion (although short-term), a reduction in share price and even executives losing their jobs.
Attacks are not going away - on the contrary they are getting more common. According to a UK government 2015 information security breaches survey, 90% of large organisations and 74% of SMEs reported a security breach, leading to an estimated total of £1.4bn in regulatory fines that have a current maximum of £500,000.
But from 2018 the cost of a data breach or hack could go far higher with new EU legislation on data breach notification set to be implemented.
These changes mean UK businesses could face up to £122bn in penalties for data breaches.
In 2018, the European Union’s General Data Protection Regulation (GDPR) will introduce fines for groups of companies of as much as, €20m or 4%, of annual worldwide turnover, whichever is greater.
Of course we don’t know what changes there might be based on Brexit, but even so it is likely the UK will adopt a similar fine doctrine.
Clearly companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cyber security threat, or face the prospect of paying drastically increased costs in regulatory fines, as well as the reputational harm to their brand.
To be ready for this and to counter the growing industrialisation of hacking, businesses must gain an awareness of their digital footprint and the profile of their attackers. By doing this they can prioritise their security to where it has the most impact and therefore prevent, detect and help contain cyber-related incidents.
Only by analysing their company through an ‘attacker’s eye view’, can they be alert of potential threats, instances of sensitive data lose or compromised brand integrity and be able to stop them quickly with less impact on their brand, and then regulatory regime.