Why should I care about Cyber?
Last time out we looked at “What is cyber?” – particularly in relation to data security. This time round we discuss why your business needs to pay special attention to maintaining cyber security.
IBM’s 2015 Cost of Data Breach Study found that the average total cost of a security breach worked out at £2.37 million. The study also found that these costs continue to increase year-on-year.
The sheer volume of potential cyberattacks is shocking – UK cyber security specialist Trend Micro claims to have blocked over 14 billion different threats (including malware, exploits and hacking) during the first quarter of 2015. Obviously the total number of threats is much, much higher when you consider that other vendors are also blocking attacks, or that some breaches will go completely unreported.
Loss of valuable data
All of your digital assets hold some value to your business, and likely your competitors too. Intellectual property, copyrighted materials and corporate data are all valuable commodities in the digital economy.
This means that anyone stealing your information can easily resell it, either to your competitors or to other criminals who can extract additional insight from it. They could even hold it to ransom, demanding payment before releasing it back to you. So in the same way that your business would struggle if a gang stole your physical datacentre hardware, losing your data could have long-term implications.
Even if the thieves leave your data intact, you could quickly lose any competitive advantage you may once have held. Rivals will be able to speed up their own product development for instance, or simply “steal” your clients by producing more competitive contract bids based on the inside information contained in your data.
Damage to company reputation
Losing data to security breaches is also hugely damaging for your company’s reputation. Your customers are unlikely to be too bothered about the specifics behind any network breach either; whether criminals actively break through the company firewall, or exploit a previously unknown blindspot, all that matters to clients is that their personal information was exposed.
Sony has fallen victim to several serious cyberattacks in recent years, becoming a by-word for poor security in some circles. One breach was a significant news story, but experiencing two extremely large breaches over a relatively short period of time has seriously damaged the company’s reputation.
Similarly, the LastPass service – intended to offer a secure central repository for users’ passwords – was compromised in the last few weeks, exposing thousands of sensitive logon details to hackers. In a crowded market of similar offerings, this kind of breach, and accompanying loss of consumer confidence, could conceivably drive LastPass out of business.
Finally, your business also has a legal duty to protect data from loss or theft – particularly personal information. Under the Data Protection Act 1998, all UK organisations that collect, process and store personal data are expected to prevent loss or theft of said information. Failure to do so can result in an extremely large fine (up to £500,000), and potentially prison sentences for company directors.
The Data Protection Act (DPA) makes no distinction between breaches caused through negligent loss and those caused by a hacker’s theft; a loss is a loss. The method by which data is lost is only considered as a mitigating factor once prosecution is complete and a punishment is being determined.
Also worth noting is that the high profile nature of a DPA prosecution only serves to further increase the negative brand exposure associated with cybersecurity breaches. The cost of a breach is far, far higher than the headline cost of a DPA fine when you consider loss of earnings, and the costs associated with repairing damage, preventing further attacks and mounting a defence during a criminal trial.
Ultimately, there are three major reasons you need to ensure cybersecurity is built into your IT infrastructure and software as standard: to protect corporate assets, to protect the company reputation and to meet legal obligations. Total cybersecurity is not optional, as any failure, no matter how small, has the potential to put you out of business.