Cyber security: an IT issue or a people issue?

Technology continues to revolutionise the way we live our lives.

But while consumers are happy to rely on wearables, smartphones and cloud-based apps – all of which collect personal data – to manage their personal and working lives, concern about privacy is growing.

New research from Deloitte indicates that 87% of consumers are aware that businesses collect their personal data, but businesses should take note: over 70% said they would reconsider using a company if it failed to keep their data safe.

Improving cyber security

In the wake of this growing concern, and of multiple high-profile attacks in the last year that have seen hundreds of thousands of individuals’ personal data illegally accessed and multiple companies’ reputations damaged, businesses are seeking ways to improve their cyber security.

One possible solution is for businesses to see cyber security as a cultural requirement, rather than something they can take care of by simply installing security software on their networks.

Simon Browick, Director in Cyber Risk Services at Deloitte, agrees: “Cyber security has moved beyond simply being an IT issue; it’s now a business-wide risk which requires immediate attention.”

Human factor

Human error and ignorance of tech risk continue to be the leading threat to cyber security.

Typically, employees have, to the chagrin of IT staff, proven fairly inept at security even around long-established tools such as email, with passwords attached to screens and systems left logged in among the chief offences.

Nowadays, tech advances and the prevalence of cloud-based software have introduced new ways for employees to inadvertently expose information.

So, what should businesses do?

Beyond compliance

The research from Deloitte shows that compliance with the relevant legislation is the bare minimum businesses must strive to achieve.

After all, most of the companies that have suffered high-profile data breaches recently were compliant. And the risks are not limited to fines and legal repercussions: lost custom, lost reputation and operational downtime while the problem is repaired all result from suffering a breach.

In short, if you suffer a data breach then you’ll lose customers and income, regardless of whether you’re compliant.

A better approach is to proactively ensure your business culture promotes cyber security, reducing the risk of a breach happening in the first place.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


James

VinciWorks CEO, VinciWorks
