Cybercrime. The possibility of Companies experiencing a data breach is much higher than we think!

“You’ve had a data breach!”

 

Dreaded words for any CEO! With cybercrime on the increase, many businesses seem oblivious to the cyber threat. A data breach could result in your business closing down.

The use of technology to manage daily business activities is increasing exponentially and the risks associated with technology use are keeping abreast, if not outpacing the technological changes. All the information used in the transaction lifecycle has a value and needs to be protected. The complexity and diversity of the types of technology/devices in use contributes to the number of access points available to the cybercriminal.

 

Exploitation of the people working within your environment is inevitable and the modus operandii is ‘phishing’ attacks. Antonio Forzieri of Symantec stated that in 2014 at least 1 in 214 emails was a spear phishing attack. Linked to that, SABRIC estimated that in 2015 South Africans lost in excess of R2.2 billion to internet fraud and phishing attacks.

 

“A data breach won’t happen to me!”

You are wrong! There will be more breaches in 2016 than there were in 2015. The HM Government 2015 information security breaches survey reports that 90% of large businesses with more than 500 staff members, and 74% of small businesses suffered a data breach in 2015. The cost of a breach has also increased exponentially from £600k to £1.46million for a large organisation. The Verizon 2016 Data Breach Investigations Report indicates that no industry ‘escapes’ the cybercriminal and furthermore, certain industries such as accommodation, entertainment and finance are more likely to suffer a breach. The effect of a data breach can be as severe as closing the business or ‘no impact noted’. The direct impact of the breach is determined by the organisations’ response to the breach and the level of staff involved. Accordingly, as Economic crime is now part of life and it is critical that you are prepared for a data breach. The key question is HOW?

 

There are a number of steps that any business should take to protect themselves when a data breach occurs and these include:

  • An effective incident response plan
  • Senior Management and Director level involvement in the response plan
  • Maintaining a robust corporate culture with regard to the use of data
  • Implementing a strong security culture within the organisation
  • Determining the level of insurance required to protect the organisation from financial loss. Decision makers and their Insurance brokers should be careful not to just apply “blanket” limits associated with normal policy construction. Rather, a detailed analysis of the cost of attacks on data should be done and the appropriate levels of cover applied. As this is a highly specialised field of Insurance, ensure that the company providing the cover is a specialist in the field and that the correct questions are asked and disclosures made during the underwriting of the cover.

Article written by Dean Zeller (Zeller Attorneys)