Date: 09/01/2015 | Corporate, Data Protection & Information Law
Significant questions are now being asked regarding the implications of cyber-attacks and how to deal with these attacks should they happen to our businesses.
These attacks don’t just happen to the biggest companies. According to the 2014 Information Security Breaches Survey conducted by PWC on behalf of the Department for Business, Innovation & Skills, 55% of large organisations were attacked by ‘unauthorised outsiders’ in the previous year, together with 33% of small businesses. Whilst most data hacks won’t have the same impact as the emails and other sensitive information leaked from Sony, many businesses will be taking the opportunity to carry out an audit of their existing data protection systems this New Year.
What is a cyber attack?
A cyber attack in its basic form is an attack by one computer on another, carried out by computer hackers. Once a hacker has access to a computer, they can access any data that is saved on it. If highly sensitive information held by a business or organisation is released or stolen, this can be incredibly damaging to that business, especially for those that process large volumes of sensitive data on behalf of their staff, customers or clients.
There can be a range of financial implications for an organisation which finds itself in this situation, such as loss of revenue, loss of time in dealing with the attack, the cost of notifying customers or clients, compensation for loss of sensitive data, reputational damage and the cost of third party fees such as lawyers’ fees for advising on data protection and the surrounding fall-out. The Information Security Breaches Survey reports that the total cost to businesses dealing with information security breach incidents nearly doubled in 2013 compared with 2012, to £600,000-£1,150,000 for large organisations and £65,000-£115,000 for small businesses.
There may also be regulatory fines or penalties levied on an organisation. Currently, the maximum penalty that can be levied by the Information Commissioner, the UK authority tasked with upholding and enforcing data protection legislation, is £500,000. However, if proposed new EU legislation comes into force, a business might be fined up to €100 million or 5% of its annual worldwide turnover, whichever is higher, in the event that it is found guilty of negligence in protecting its data.
How do I protect my business from the risk of cyber attacks?
Clearly, given the huge potential implications that may result from cyber attacks, it is important for an organisation to take steps to prevent such attacks and to have a plan of action should one occur.
These short tips provide a good starting point:-
Cyber attacks are clearly an important area which should be considered given the risks to your business. To discuss protecting your business against potential cyber attacks, or data protection in general, please contact Lisa Kitson.
Keep your organisation up to date with the latest opportunities and changes in commercial law with regular insight and updates from the experts at Davidson Chalmers Stewart.