In the recent Global Risks Report by the highly respected World Economic Forum (WEF), business leaders across the world were asked to list the biggest threats facing business over the next decade.
Cyberattacks were viewed as the single greatest business risk in North America, with global business leaders extremely concerned.
They’re concerned because they know that (European Union fines aside) the ramifications of falling victim to a cyberattack can be catastrophic.
They’re concerned because they know that data breaches can damage customer confidence to such a degree that 20% look for services elsewhere.
They’re concerned because they know the scale of the problem.
The CBI reported that 81% of large businesses and 60% of smaller firms experienced an attack in 2015 alone. In December 2015, a report from consumer action group Big Brother Watch found extraordinary evidence of more than 4,000 data breaches at UK councils in just three years. It is clear that we’re facing a challenge to modern business that is growing rapidly, in both frequency and severity.
It’s All About Your Data
At the heart of this threat is data. Whether stored or processed electronically, the reality is simple: data is central to everyday business operation and central to business continuity. Sales data. Customer data. Your intellectual property. Data is the lifeblood of your business, but it is vulnerable. Which means you are vulnerable.
Specifically, we’re referring to:
- Automatically processed data
- Data forming part of a relevant filing system
- Data forming part of an accessible record
- Data recorded by a public authority
Data Protection Gets Serious
In direct response to the rising risks of cybercrime and data protection issues throughout Europe, the European Parliament has been working on new rules for companies on data protection. Called the EU Data Protection Reform (EDPR), the rules have now been agreed and will be coming into force by 2017. The EDPR redefines data protection for businesses across Europe and also applies to anyone else looking to trade in Europe – so that’s everyone. The headlines so far have rightly focused on the enormous financial penalties that will be introduced with the new legislation, but this is only part of the challenge.
Data protection by design
The EDPR requires large businesses to have a dedicated data protection officer but all organisations are expected to adopt a ‘data protection by design’ approach, adding safeguards to all new products and services.
And if things do go wrong, the EDPR demands that any breach is reported to the relevant national protection authority – the Information Commissioner’s Office in the UK – within 72 hours.
Larger businesses must have a dedicated data protection officer. SMEs are exempt if ‘data processing is not a core business’, but how many organisations does that apply to in today’s marketplace?
Organisations must adopt ‘data protection by design’ and guarantee data protection safeguards are built into products and services at the earliest stage of development. All data breaches must be publicly declared.
Assessing Your Risks
So where does this leave you? Worried.
And as the WEF report has shown, you are not alone. To address this problem, you first need to understand how it affects you. You need to assess your risk.
The UK Information Commissioner’s Office offers the following guidance for risk assessments:
- The nature and extent of your business’s computer systems and premises
- The number of staff you have
- The extent of their access to personal data
Answers to these questions will provide you with the framework for a security audit, with the ICO providing further advice on this:
- Are your security measures appropriate to the nature of the personal data you hold and the damages resulting from a security breach?
- Is your computer security appropriate to the size and use of your organisation’s systems?
- Are your security measures appropriate to your business practices?
Data Protection: a modern challenge for modern business
Data security is no longer just an IT concern; it has become a major business concern. Business continuity, loss of reputation and custom, and punitive fines – with all these now part of the data protection conversation, it is no surprise that businesses are getting increasingly proactive in understanding the threats they face and how to protect themselves.
We have pulled together a comprehensive executive brief written to help guide you through data protection.
You’ll find an overview of the scale of problems in data protection, as well as analysis of the latest trends and research, the key points of existing and future regulation, plus advice on how you can begin to understand the risk you face and what to do about it.