Cybersecurity should be a priority for all businesses and there is no excuse for failing to take the matter seriously in 2020. Staff must be adequately equipped to deal with threats; businesses must understand the importance of adhering to data protection laws; and consumers should be aware of their rights.
The importance of educating staff on cybersecurity cannot be understated. If staff are not sufficiently upskilled, businesses make themselves more vulnerable to cyberattacks. When staff are not confident in their ability to prevent leaks, they can easily end up causing one. In the disastrous Equifax data breach, there was a failure to patch known security vulnerabilities, and a failure to identify the ongoing flaws that hackers subsequently exploited, demonstrating a complete lack of understanding for the most basic of security protocols. Unfortunately, any cyber-defence is only ever as good as its weakest link, and staff without the appropriate cybersecurity knowledge can seriously hinder efforts to make private information secure.
Ultimately, the responsibility lies with businesses to protect personal data, and they must train staff and ensure the company as a whole strictly adheres to data protection legislation. The law is clear, and the introduction of the GDPR not only makes the law clearer, but it also enhances the public’s understanding of data protection.
Businesses that fail to take data protection laws seriously could face seismic legal and financial implications. Simply put, if you breach the law, you could be liable for a compensation claim and a regulatory fine. The financial implications can be ruinous, as seen in the BA data breach case, with an estimated combined pay-out figure of £3bn and a provisional regulatory fine set at £183m.
Market competition across sectors could literally be shaped by such data breaches. Those who fail to implement the necessary cybersecurity measures required to protect themselves could face severe financial and reputational damage, as well as significant loss of market share. The ICO also has the power to prosecute for deliberate and reckless breaches of the law, which could result in employees losing their jobs and facing serious criminal charges.
For consumers, their rights must be communicated clearly. If you’ve been affected by a data breach, you will likely be entitled to compensation for any distress caused by the loss of control of your information, as well as for any financial losses that have occurred. The recent high-profile Google ruling also means that consumers now have enhanced powers when claiming for being victims of a breach and do not even need to prove they have suffered distress and can claim for merely being the victim of an incident.
With the new decade underway and GDPR approaching its second anniversary, businesses should have already provided staff with the training they need to meet cybersecurity requirements. Businesses cannot afford to take a relaxed approach to data protection – to do so can result in a significant security crisis. It is vital that staff are appropriately upskilled to deal with potential threats, and their training must be continually managed and refined to meet new and developing threats. All organisations must put data protection at the top of their agenda in 2020 to ensure the strongest defence against data breaches, or they could easily face irreversible reputational damage and financial implications that could simply put them out of business.
Lawyer and Director
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.