Cybersecurity risks are receiving a huge amount of media attention so we thought a quick snapshot of what is going on might be useful.
The Cybersecurity Cloud
Barely a day goes by without a news article or report on cyber-security issues - these are some of the higlights and key-trends over the past few weeks:
- The FT has reported that cybercrime costs the US over $100bn a year.
- In the UK, the cost of cybercime is estimated to be around £18bn to £27bn a year.
- A home affairs select committee in the UK has found evidence of widespread low-level cybercrime involving payment card and bank account details where the perpetrators are not pursued due to UK banks electing to compensate customers for any losses which they suffer - those MPs involved in the report conclude that the UK is losing the war on cybercrime (particularly as cybercrime services are being advertised for sale on Facebook - which I guess makes it anti-social media).
- Growing M&A activity in relation to cybersecurity specialists by large IT vendors e.g. Cisco's recent acquisition of Sourcefire, demonstrating a perceived growing customer appetite and source of revenue for cybersecurity products and services.
- Other market trends include the growth of the cyber insurance market which has grown five-fold in four years from $200m in premiums to $1bn in 2012 (and locally, we're seeing increased client interest in these types of policies and the evolution of policy wording which is appropriate and relevant to cyber-security risks and liabilities).
- A recent cyber-security study conducted by PWC on behalf of the Department for Business Innovation & Skills found that security breaches had been suffered by 93% of large organisation and 87% of SME's in the past year.
- The same report found that the average cost of dealing with the worst security breach was £450k to £850k for large organisations and £35k to 65K for SMEs; a large percentage of the security breaches were due to human error or had been perpetrated by staff; and, supported the trend in relation cybersecurity spend, with almost half of those surveyed confirming that they intended to invest more in cybersecurity in the next 12 months.
- The number of cybersecurity reports is growing, with reports tracking not only the frequency and direct financial impact of security breaches, but also customer attrition rates arising from cyber-security attacks and security breaches.
Regular readers will by now be bored of us writing about the requirements of the 7th principle of the DPA (the obligation to implement and maintain appropriate technical and organisational measures against unauthorised use of personal data) and our 'security, security, security' mantra. Whilst not all cyber-security risks will involve personal data, many of them will, and regular readers will know that the area where the ICO has traditionally applied fines is in respect of security/7th principle breaches.
And The Silver Lining
The good news for SMEs that we promised in our headline is that the government is anxious to actively provide assistance to those SMEs who operate at risk of cybersecurity attacks. So, the Technology Strategy Board is making available vouchers of up to £5k each to spend on the provision of cybersecurity services and advice from approved suppliers.
If you want more in-depth analysis of cybersecurity risks and issues and their impact on data protection compliance, please get in touch and let us know.