Deadly data demands rigorous control
EU laws designed to protect companies and consumers against cyber fraud will pile additional burdens on business already under siege from international hackers, a Marcomms Group seminar was told. The message that ‘data is dangerous’ unless rigorously protected was a key theme of the Group’s Cyber Crisis seminar in September.
The speakers focused on three aspects of the growing cyber threat: the legal implications, preparation and protection, and communications strategies.
Helen Nuttall from international legal advisors DAC Beachcroft focused on the provisions of the EU Data Protection Regulations. They come into effect in 2018 and threaten fines of up to €20 million for breaches by companies of customer and consumer data confidentiality. She outlined seven key areas of cyber risk for immediate management attention, ranging from sanctions and litigation arising from the new law to crisis management.
The scale of cyber fraud was revealed by Graeme MacGowan, a special risk advisor from the EU Cyber Security Cluster Advisor Board. A former advisor to GCHQ, MacGowan said that people with Facebook and a smartphone were at 33% greater risk of identity fraud. The public lost £260 million to cyber crime in 2015, while there had been 45 million attempted attacks against online retailers in the last three months of this year.
By 2020, when 26 billion devices will be connected, cyber crime is forecast to cost $2.1 trillion. Business faces threats not just from criminals, but also from new legislation. He urged companies to undertake company-wide training and awareness: ‘Educate, train, prepare, protect, test.’
Approaches to handling cyber crises were dealt with by Ben Curson, MD of CNC Communications. He revealed that while nearly 70% of businesses say cyber security is a high priority for senior managers, only 10% had a formal incident plan.
Curson said it was crucial to prepare for the EU data protection laws as well as the general threat, and that communication was a major element in cyber security. Plans for a response to a cyber crisis should include a thorough pre-breach phase which identified threats and involved every department in the company. The crisis response plan should embrace key operations, from the development of a communications strategy in the event of cyber security breaches to social media and a media hotline. Recovery from cyber attacks was an essential part of the response.