In a recent survey carried out by Oxford Computer Group, security was cited as the biggest concern for businesses in 2016. In the Industry Forecast 2016 survey, 20% of respondents highlighted security as the most prominent challenge they expect to face in the coming months. This figure was up 18% on the 2015 survey.
This result is unsurprising considering UK cyber security fraud is up 21% in the 12 months leading up to October 15. This is just one of the many reasons why the European Parliament is keen to enforce its General Data Protection Regulation (GDPR) as quickly as possible.
The announcement that the GDPR will soon be coming into force has once again highlighted the severity of this issue for all organisations. Coupled with some recent high-profile data breach cases at TalkTalk and VTech, businesses are being prompted to take an even closer look at their security measures.
General Data Protection Regulation
The GDPR, part of the EU’s cyber security strategy, promises stricter rules to protect personal data. This is great news for consumers, but creates a real headache for any business that handles personal data – effectively, every business. It is designed to act as a ‘stick’ to force businesses to address data security procedures, or face fines of up to 2% of worldwide turnover.
Previously the fine for a data breach has stood at a maximum of £500,000 in the UK – a drop in the ocean for many businesses. But a fine amounting to 2% of turnover could seriously dent tight profit margins and shatter share prices, not to mention the damage to the business’s reputation which will undoubtedly result – TalkTalk has lost over 100,000 customers following its 2015 data breach.
Network and Information Security Directive
The NIS Directive, also part of the EU’s cyber security strategy, is due to come into play in 2018. The aim is to facilitate cooperation between member states when it comes to infrastructure (including digital networks), and also to protect essential services including:
- Energy (oil, gas and electricity)
- Transport (air, rail, road and water)
- Financial markets
- Public and private healthcare
- Drinking water supplies
- Digital networks
Businesses and organisations in these fields will be required to manage risks to their security, take appropriate measures to prevent attacks, and minimise the potential success of such attacks.
The NIS Directive doesn’t specify the actions these organisations should take; it states only that measures should be ‘state of the art’, and therefore expects them to evolve over time to keep pace with the threats posed.
Data security certainly isn’t a new issue, but as hackers and thieves adapt their attacks to work around existing security measures, businesses must continue to learn and develop ever more sophisticated defences, or run the risk of severe damage to their bottom line.
Advanced Threat Analytics DEMO
Watch our on-demand Advanced Threat Analytics webinar. OCG’s enterprise mobility expert, Mat Richards, reveals how your business can quickly detect suspicious activity in its systems and avoid a data breach.