Data Breaches to Hit CEOs (In The Pocket)
Has your CEO been taking a keen interest in all things cyber recently? If so, it might just be that they have got wind of the recent report from the UK parliament which spells out that the cybersecurity buck no longer stops with the IT department but right there at the CEO's desk. In fact, the UK Commons committee for Culture, Media and Sport recommends that part of the CEO's pay should be cut when you suffer a cybersecurity breach that could have been prevented.
Cybersecurity – The New Priority In The Boardroom
As the number of personal data breaches began to escalate, the UK parliament stepped up to the mark to investigate what needs to be done to protect our personal data. The result was a report called Cyber Security: Protection of Personal Data Online. Until now there has been a lack of legislation "with teeth" to make companies that aren't regulated up their game on cybersecurity. Penalties haven't been particularly severe, so it has been a cost/benefit judgement call. Now though, the Government wants to raise data protection to the top of the boardroom agenda, and what better way than to make a data breach hit your CEO in the pocket. Their recommendation is that:
"The ICO (Information Commissioner's Office) should introduce a series of escalating fines, based on the lack of attention to threats and vulnerabilities which have led to previous breaches"
and that:
"A data breach facilitated by a 'plain vanilla' SQL attack, for example, or continued vulnerabilities and repeated attacks, could thus trigger a significant fine."
Do The EU Data Protection Regulations Matter After Brexit?
On 1st July, the ICO provided clarification on the EU General Data Protection Regulation in a Referendum Result Response statement, and we can expect more information over the coming weeks. In reality, given that the UK needs to negotiate the best possible trade agreement with the EU, it is unthinkable that we would settle for weaker data protection regulations than the benchmark set by the EU. As the ICO states:
"Having clear laws with safeguards in place is more important than ever given the growing digital economy, and we will be speaking to government to present our view that reform of the UK law remains necessary."
How To Jump Start Your Cybersecurity Improvement Programme
The EU General Data Protection Regulation (GDPR) has now been passed, and is scheduled to become UK law in May 2018. If you are having to get to grips with data security for the first time, you will be pleased to know that there are software tools now available to you that will help you to create an information asset register, map out your data flows and create information security policies that are compliant with ISO 27001 and the GDPR. You can even find out where personally identifiable information is hiding on your network, and empower the data owners in your company to control who can access it.
In reality it is virtually impossible to guarantee that you will never be hit by a data breach, but by reviewing your data protection measures and plugging the gaps that are appropriate for your company, you could make your conversation with your CEO the day after you suffer a breach a lot more comfortable for both of you, especially the second time around!
Enterprise Account Manager