IN THE business world, protecting sensitive data is essential. However, rising to that challenge is becoming increasingly difficult for even the most dynamic of organisations.
The facts speak for themselves. According to the Ponemon Institute, the cost of a data security breach for companies in the UK ranged from £160,000 to £4.8 million.
With an ever-expanding, increasingly sophisticated and persistent threat landscape, which is driving wider legislation to ensure organisations are adequately protected, the need for companies to look specifically at how they take specialist action on cyber security is fast becoming a business necessity.
However, the threat to Scotland’s companies does not just come from the so-called “hackers”. Legislation is also creating new risks and threats. Proposed changes to the European Union’s Data Protection Rules are set to give individuals more control over the use of their personal information and pose a new set of tighter regulation on all companies that hold and process personal information. Under the new regulations, organisations will have to swiftly alert individuals when their personal data is lost, stolen or hacked. Companies that suffer a data breach must inform the data protection authorities and the individuals concerned within 24 hours of the disclosure being identified. Fines of up to 2 per cent of an organisation’s global turnover may be imposed should they breach the Data Protection rules.
Companies have historically taken a gradual approach to technological change, but the rapid advance of technology and the increasingly effortless sharing of information means many companies need to now radically address how they deal with cyber security. Taking a far more innovative and proactive approach to prevent threats rather than cleaning up after an attack has taken place has become essential.
Traditional methods of keeping sensitive data safe are no longer valid. Firms need to act now to address a changing and increasingly complex world. Through greater collaboration, more investment and a focus on more innovative practices, Scotland’s business community can win the battle to protect their security and their customer data.
• Raul Rodriguez is Technology Risk Services Manager at Grant Thornton UK LLP