RESEARCH conducted by leading digital security specialist, Gemalto, and released in September 2017 highlights poor internal data security practices. Gemalto’s Breach Level Index, a database of worldwide data breaches, identified
* 1.9 billion data records lost or stolen during the first half of 2017, up from 665 million in the first half of 2016
* the United States accounts for most of this, with a massive 1.6 billion breaches
* although nowhere near the US numbers, the United Kingdom has the second highest number of breaches
* more than 1.6 billion resulted from accidental loss or human error, compared to 258 million in the same period last year.
Year on year, the higher risk industry sectors remain the same, with healthcare, financial services and education in the top three. However, according to the Gemalto research, there has been a growing trend over recent years in data breaches within other sectors, including industrial, entertainment, hospitality and non-profit.
One thing is for certain, this is a growing global problem for business managers.
UK businesses will be affected by the introduction of new data protection legislation in May next year. The new legislation brings into force the EU General Data Protection Regulations (GDPR). It will bring UK regulation in line with the rest of Europe and the USA and reflect the modern technological trading environment in which we live. Despite GDPR happening soon, a recent poll of 1,000 organisations in the UK and conducted by Symantec, identified that more than 80 per cent of respondents were not prepared for the new data protection rules and compliance regime.
The need to prepare for GDPR should be seen by company directors and managers of key concern and a business priority. Failure to comply will result in significant costs, including fines and bad publicity. With GDPR due to come into force in May next year, failure to keep personal information about customers and employees secure will become even more costly, with the maximum fines imposed by the regulator increasing from £500,000 to the higher of £20 million or four per cent of turnover. To put this in perspective, research published by NCC Group in April 2017 estimated that fines by the Information Commissioner’s Office (ICO) against British companies last year would have been £69 million, rather than £880,500.
If not done already, business managers need to consider the strength of current data protection strategies, including cyber security. Think of this like installing an intruder alarm or other property security. It will reduce, but not necessarily remove the risk of loss and you should still consider the need for insurance. As with an intruder alarm, a determined hacker will find a way in, even if you have installed the very best security.
This is the case with the popular security product, CCleaner, which is installed on over 700,000 computers. Preliminary research published on Cisco’s Talos Intelligence Group Blog on 20 September 2017, highlights a potential ‘back door’ in the software programming, which hackers have used to install malware on the networks of 20 major tech companies. The research identifies a number of machines that have already been infected.
For more information or an informal discussion about cyber security, the General Data Protection Regulations and insurance options, contact Simon Mitchell, Account Director, Towergate Insurance, Northampton on 01604 887325. Simon is a Chartered Insurance Broker with more than 30 years’ experience and a wide range of knowledge about insurance for business. This includes specialist advice about emerging risks such as cyber crime and terrorism.