YOU might have thought that Brexit would have put a stop to the introduction of new EU rules in the UK. However, a review conducted by the Department for Culture, Media and Sport last year found strong justification for new regulation to secure personal data and protect citizens from crime and other harm. This will be introduced this time next year to mirror the EU General Data Protection Regulations (GDPR). This decision was undoubtedly also driven by the need for the free flow of data with the EU, USA and other data protection regimes, and will play a part in wider post-Brexit trade deals.
The new law will affect all companies, large and small, and should not be ignored. The sooner action is taken, the better. Failure to keep personal information about customers and employees secure is already costly. Benchmark research conducted by Ponemon Institute in 2016 and sponsored by IBM, showed that, in a survey of 41 companies in the UK, the direct cost of a data breach was £48 per record. This included costs for engaging forensic experts, data subject notification, helpline and credit monitoring support. Consequential loss following lost business increased this number to £102. Based on this, the loss of just 500 customer sales records could result in a cost to business of more than £50,000 and this does not take into account civil actions, compensation and management time. The research identified even higher costs following a cyber crime attack.
The new legislation will add to these costs. It will introduce new obligations for data controllers and strengthen the rules for breach notification. It will also increase fines imposed by the Information Commissioner’s Office.
Business managers should consider the strength of current data protection strategies. With increasing criminal activity and data theft, a key part of these strategies should be cyber security and insurance. How ready are you? In February, leading insurer, Hiscox, published its 2017 Cyber Readiness Report. This was compiled from a survey of more than 3,000 executives in the UK, US and Germany, and the report provides an up-to-date picture of the cyber readiness of businesses large and small. It also offers a blueprint for best practice in the fight to counter an ever-evolving threat.
A key finding of the Hiscox report was that, while big firms incur the highest overall costs, the financial impact of cyber-attacks is disproportionately high for the very smallest companies. Small businesses also appear more complacent, with nearly a third of respondents saying they changed nothing following a cyber security incident.
For more information about the General Data Protection Regulations, a copy of the Hiscox report or discussion about insurance options, contact Simon Mitchell, Corporate Account Director at Towergate Insurance Northampton on 01604 887325.
Towergate Insurance is a trading name of Towergate Underwriting Group Limited. Registered in England Company No. 04043759, registered address Towergate House, Eclipse Park, Sittingbourne Road, Maidstone, Kent, ME14 3EN. Authorised and Regulated by the Financial Conduct Authority.