No organisation, big or small, is immune to a data breach, and instances of cyber crime have risen dramatically in recent years as organisations become increasingly dependent on technology and computer systems. According to the Hiscox Cyber Readiness Report 2018, if you factor in only those organisations that were targeted, cyber crime has cost organisations an average of $229,000 over the past year.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018, bringing stricter penalties for insufficient data security. It is therefore important for organisations to understand how to protect themselves against cyber risks, and how to mitigate the impact a data breach may have.
A cyber risk usually refers to some sort of data breach, and is generally considered to be any risk originating from ‘cyber space,’ or as it is more commonly known, the internet. A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so.
There are various causes of data breaches:
An example of data loss would be where a malware attack has deleted large amounts of customer data from your computer. Data theft could be the result of a virus infection (e.g. from a phishing email or hacker) that allows data to be stolen from your hard drive.
Contrary to popular belief, data breaches are most commonly the result of human error, with almost two thirds of data breaches caused (inadvertently) by employees. This could be anything from an employee losing a memory stick holding customer data, to sending information to the wrong person.
Hacking is where someone maliciously gains unauthorised access to data in a system or computer with the intent of stealing the data for personal use or to sell for financial gain.
A weak or compromised security software system on your network could leave your organisation especially vulnerable to a cyber attack.
As well as the cost of clean up after a data breach (such as implementing new security systems), with GDPR comes more stringent penalties for data breaches. For a breach, a firm can be fined up to €20,000,000, or up to 4% of the annual worldwide group turnover of the preceding financial year - whichever is greater. For a small organisation, this could be financially devastating, so it’s important to make sure your cyber security is up to scratch.
Aside from the loss of data or the financial implications, a cyber attack could cause serious reputational damage to your organisation. This could result in loss of funding or clients, with people less likely to engage with your organisation for fear of their data being compromised.
If a website or back office system were to be hacked, for example, an organisation may find that they need to stop or slow down day-to-day activity whilst they get their website and/or security systems back up and running following a breach. As a result the organisation may see a loss of income if products and/or services cannot be delivered.
With fraud costing UK charities up to £2 billion a year, it’s becoming increasingly important for charities to protect themselves against both internal and external risks.
On 25 May 2018, the EU General Data Protection Regulation (GDPR) comes into force, and will be implemented in the UK via the government’s new Data Protection Bill.