Scottish firms are sleepwalking into a “potentially business ending” cyber attack disaster, an online security expert has warned.
Robert O’Brien, CEO of information security software company MetaCompliance, said the rise of cyber attacks means organisations must act to defend against online breaches.
Failure to do so would leave businesses facing “severe financial consequences” when new regulations are introduced next year, he added.
He made the comments after it was revealed almost half of UK firms fell victim to online attacks last year. The Department for Culture, Media and Sport revealed that 46% of companies suffered a cyber attack or breach of their computer systems.
“The number of businesses affected in the UK has almost doubled in a year. The surge of attacks highlights the startling threat to the business community and the alarming potential for floods of personal details to fall into the hands of thieves,” he said.
The financial threat to businesses of ignoring cyber risks will soar with the introduction in May 2018 of the new General Data Protection Regulation (GDPR).
“With the GDPR approaching, companies need to get their acts together to avoid very costly and potentially business-ending penalties. Organisations who are found in breach of the regulations will incur penalties of up to €20,000,000.
“Research suggests that a worrying number of UK businesses believe GDPR will not affect them, especially in light of Brexit. However, the very future of Scottish companies dealing with European data depends on them understanding and complying with GDPR law - which the UK Government has pledged to adopt regardless of Brexit.
“GDPR will require organisations doing business in the EU and the UK to disclose major data breaches - including those stemming from cyber-attacks - to data protection authorities and affected customers.
“For all businesses, the first line of defence is employees and it is vital that they are given the training and education to ensure no doors are left open for hackers. It is important that everyone is fully aware of their responsibilities to take the right steps to minimise risk from cyber criminals.”