Are you making the most of your data | Deloitte UK has been saved
Limited functionality available
Phill Everson, Cyber security expert at Deloitte, discusses the associated risks and how businesses in the South West can get this right.
More and more businesses in the South West are waking up to the fact that the responsible use of people’s data allows privacy to be a business enabler rather than just another compliance headache. Getting privacy right means that you will be able to capture the trust and confidence of consumers who will repay you with loyalty and access to much sought after personal data.
There are three key privacy challenges facing small businesses currently:
Key risks of inadequate data protection include: vulnerability to security breaches, loss of valuable confidential data and reputation in the marketplace, loss of customers, public trust, and brand reputation due to lack of unstructured data (big data/social media data) analytics capabilities for detecting emerging risks impacting organisation’s reputation. Ultimately business disruptions or loss of business are direct consequences of inadequately secured data.
There is also the potential for fines and penalties from the inability to meet regulatory requirements or the inability to integrate and aggregate data to derive meaningful conclusions, which can result in lost opportunities, inability to respond to risk and other regulatory sanctions.
Breaches of information security for small businesses are still rising. The 2016 Cyber Security Breaches Survey reports that 33% of small businesses had a breach in the last 12 months and that nearly half of these didn’t know the source of their most disruptive breach or attack. As to the effect an information security breach has on a business, only a very small proportion - 5% of businesses of all sizes - have ongoing monitoring of breach costs and may often underestimate the actual cost to their organisation. In 2015, a similar survey stated the average cost of a breach to a small business was in the region of £75k - £311k, with the highest costs being disruption to business operations followed by loss of business.
In recent years, small businesses have suffered a rise in cyber attacks in the form of viruses or malicious software, rising from 41% in 2013 to 63% in 2015. Thus far in 2016, nearly seven out of ten attacks on firms of all sizes involved viruses, spyware or malicious software, and this is an increasing concern for small businesses (who may have relatively fewer resources to devote to security). The 2016 survey notes that only 22% of small businesses have conducted cyber security training in the past 12 months, which highlights the need for greater security awareness among staff.
What and where is your confidential data? How is it being used? What is your risk of data loss and exposure? The first step is to complete a risk assessment to answer these questions; this will discover, classify, assess impact and likelihood, monitor risks and ensure data protection.
Other potential solutions and opportunities to manage data protection risks include implementation of data loss prevention tools, data governance frameworks, ownership and accountability of data, incident response frameworks, cryptography initiatives, mobile device management and information rights management.
Phill leads the Cyber Risk Services practice for Deloitte in the UK. His background is in the planning and execution of major change programmes within IT organisations to transform their efficiency, effectiveness and linkage to business strategy. These programmes typically have involved changes in strategy, people’s behaviours, reconfiguration and refresh of technology together with process redesign. Phill is a Fellow of the British Computer Society