Nowadays, the increasing demands that small businesses and corporations face given the technological and cybernetic advance of global business interconnections are calling for new security standards as well as more advanced mechanisms to cope with constant threats to clients, employees and businesses. Regardless of the size and scope of a company, cyberattacks and data breaches are threats that businesses can't afford to ignore any more.
According to the UK government’s Cyber Security Breaches Survey 2017, around 46% of businesses overall in the UK have been victims of at least one cybersecurity breach or digital attack, while 66% of medium/large enterprises and 45% of micro/small businesses have come under attack in the last 12 months. These surprising statistics suggest that corporations in the UK are highly vulnerable and that regulations and counteracting measures should be enhanced to prevent cybercrime and strengthen corporate and civil protection.
With major data breaches at the NHS, Uber and Equifax earlier this year, more and more companies are paying attention to cyber security threats and are demanding more effective tools and risk management mechanisms to strengthen their operations from the core. However, according to government figures, companies in the UK overestimate their levels of protection and there is a general misconception of what cyber protection means. Only 20% of businesses have formal policies on the issue or have established a specific corporate area to assess the risk, including trained staff.
In this regard, SolarWinds MSP’s 2017 Cybersecurity Preparedness survey, analysing over 400 companies in the UK and US, found that despite 87% of companies feeling confident about their cybersecurity preparedness, only 29% of businesses were not breached, meaning that this confidence is misplaced and that cybersecurity risks are constantly underestimated. With an average cost per breach of around £59k for small businesses and £724 for medium/large enterprises, investment in cybersecurity and data protection is a must, but as experience has proven, businesses remain reluctant and quite naive about it.
According to this survey, there are seven major cybersecurity pitfalls that explain the high vulnerability figures:
1. Major inconsistencies in security policies, which are not reliably applied.
2. Lack of training is resulting in negligent practices.
3. General short-sightedness regarding cybersecurity technologies deployed by global companies.
4. Complacency within companies hinders real diagnosis of vulnerabilities.
5. Businesses are still inflexible regarding new technologies after a breach.
6. There is stagnation in prevention techniques.
7. Businesses need to avoid lethargy regarding detection and response times.
Enterprises need to learn from their past mistakes to effectively tackle an invisible enemy and set the basis for a new global protection scheme. For instance, the implementation of the General Data Protection Regulation (GDPR) in the European Union is a step forward to enforce a common legal and operational approach to data protection for global companies in the EU and even those doing business with any EU country or managing EU residents’ personal data. This could ultimately lead to a global legal scheme. This new set of rules will ensure that data collection and administration are done under legal and strict conditions. Data must be processed transparently and fairly for legitimate purposes, obliging companies to protect data owners from misuse and exploitation while protecting firms from cybercrime.
That said, under the GDPR, companies are liable for any data breach that could harm data users and are obliged to disclose it to customers. They also must comply with several legal requirements when storing, managing and protecting private and public data. Therefore, compliance measures must be taken seriously, and rather than being seen as an expensive and inconvenient task, as many companies in the UK have publicly expressed, they must be seen as an opportunity to improve security practices, create new business and expand the foundations of global business in the already cybernetic world.
According to the European Commission, applying the GDPR will create a uniform legal framework that solves the problem of inconsistent and sometimes opposing national laws in the EU. Furthermore, the financial benefits of its implementation are estimated at £2bn per year. Also, in its implementation phase, it has the potential to generate much business in the areas of virtual data rooms, identity theft protection, advanced penetration testing, artificial intelligence, network monitoring and niche security.
With only months left before its application, enterprises are at a crucial point in the transformation of data processing structures and the creation of new corporate policies. In this process, they are due to transform their cybersecurity structures into transversal mechanisms concerning every area of the company and not just the IT department. Recognising the magnitude of their vulnerabilities, investing in technology platforms, enhancing governmental and corporate cooperation and opening channels to cover the skills gap in the cybersecurity sector are therefore fundamental for enterprises preparing for the implementation of the GDPR and seeking to take advantage of the potential benefits of this legislation.