With data breaches on the rise financial liabilities and burdens are also increasing, not just for headline-grabbing incidents, but everyday attacks on SMBs. Alongside this, legal systems across the globe are spreading cyber warfare warnings, protecting individuals by holding companies to greater account than ever before. The law is not just wising up to data breaches, but attempting to do something to stem the flow of attacks with its own threat of legal liabilities, both civil and potentially criminal too.
“…Unless you’re proactively fighting data breaches,
your business is at risk, and the fallout could be crippling financial and legal liabilities…”
Data Breaches Affect Everyone
Some SMB owners believe they’re too small to fall victim to cyber attack, but the truth is that cyber crimes are directed equally towards all sizes of companies.
A 2013 Ponemon Institute study of 60 companies revealed these businesses were ALL on the receiving end of an average of two successful attacks per week. The cost? Estimated to be USD$11.6 million. While the bigger a company is, the harder if may fall, the study also highlighted that per capita losses for smaller businesses were in fact higher.
“…While the bigger a company is, the harder if may fall, the study also highlighted that per capita losses for smaller businesses were in fact higher…”
Where Do Data Breach Threats Come From?
The non-profit online safety organization, the Online Trust Alliance (OTA), reports, 40% of data breaches in 2013 came from external attacks, with 29% due to internal misuse and employee action, as well as 18% as a result of lost or stolen devices and documents, and 11% because of social engineering or fraud.
Data Breach Costs Are Rising
Data loss costs in terms of remedial investments, not to mention lost productivity and falloff of consumer loyalty, are around USD$144 per compromised data record. On top of this, there is a growing focus on legal compensation to protect consumers and individuals from their personal information being leaked. As well as legal costs implied in any form of litigation, the laws are set to impose heavy fines on companies that do not comply.
Data Breach Is Headline News
High-profile cases all feed into the general climate of fear when it comes to information security. And this apprehension is real. Certainly, 2014 witnessed some big data breach cases, such as the 4.5 million users of Snapchat whose names and phone numbers were compromised, the personal data of 56 million Home Depot customers compromised as a result of POS malware, not to mention celebrity details being at risk with a data breach of iCloud® accounts. One of the biggest data breaches of recent times was Target, a retail store where 40 million customers’ credit and debit card details were compromised. Recompense for many data breaches runs into the millions of dollars.
Data Breach Laws Are Tightening in the US
Recently there has been a call in the US for federal legislation on breaches, with State Attorneys in New York and Washington calling for more legislation too. The Personal Data Protection and Breach Accountability Bill of 2014, whilst not enacted as of yet, shows the way the law is heading. Under this legal protection, civil and criminal penalties could be imposed, including potential jail time, forcing companies to be transparent about data breaches and to take greater security measures to protect PII (personally identifiable information).
And In The UK Too
Across the pond, in the UK, the EU General Data Protection Regulation is set to come into effect, allowing for greater financial penalties for breaches. Estimations are that fines could account for up to 5% of a company’s annual turnover.
Security Measures Are Not Enough
Putting in place security measures might prove to not be enough either, as legal cases prove. Recently, a transport company in the UK was fined when customer data was stolen from a hard drive, even though that hard drive was password-protected. It was assessed that not enough measures had been taken to fulfill data security requirements.
Cybercrime and data breaches are becoming more commonplace and costly and with compensation claims on the rise, businesses need to implement a proactive defense.
Digital Endpoint™ created KnowIT, a Cloud Based Employee Monitoring Software to provide companies with critical information regarding the digital behavior of their employees across Mobile Devices, Macs & PCs.
Want to learn more?