Are data breaches inevitable in a digital age?

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Business

Posted By Gbaf News

Posted on February 27, 2013

Are data breaches inevitable in a digital age?

Christian Toon, Head of Information Risk, Global Security Services, Iron Mountain

With 93 per cent of large and 76 per cent of small organizations admitting to falling foul of a security breach in the past two years, you would be forgiven for thinking that some form of data loss within business is inevitable. Indeed Iron Mountain research found that more than half (53.3 per cent) of European businesses expect to lose data. As a result, they are unprepared when it comes to protecting company information.

4948 This complacency is cause for concern. Many businesses are choosing to insure their business against the financial impact of data loss, rather than doing something to protect against the loss in the first place. Surely it would be more cost effective and better for the long-term prosperity of the business to invest money in closing the gaps in its data-protection programme and keep information from getting into the wrong hands?

Losing control of your data – the business impact
The European Commission’s draft revision to data protection legislation includes fines of up to one million Euros or two per cent of annual revenue for a data breach. The threat of the potentially huge financial impact of data loss on a business seems to do little to promote good governance when it comes to protecting information and has so far done little to encourage businesses to take greater information responsibility.

However, it’s not just the financial hit that businesses will need to take. A data breach could, potentially, be far more damaging to your business’ brand reputation and customer loyalty. With the use of social media in both a business and personal context on the rise, bad news now travels faster and further, meaning that even the smallest data breach can have serious consequences.

Managing data protection expectations
Before a business can put measures in place to protect its information, it firstly needs to assume responsibility and accountability for that data – wherever the information is stored. By law, companies are liable for the loss of their own data, even if the loss occurs while the information stored with a third party. It is therefore up to businesses to scrutinise, mitigate and manage their own information risk supply chain, as part of their Corporate Information Responsibility (CIR) programme.

The proposed new EU data protection legislation will mean a big change for businesses. According to the draft legislation, timeframes surrounding notification of a breach will only afford businesses 24 hours to notify regulators. This will require processes for the identification and reporting of an incident will need to be slick and efficient. Monitoring data integrity is also a key area for businesses to address. This has become all the more complex thanks to the prevalence of social media and mobile devices. Knowing exactly what information you hold in both physical and digital formats could prove a real headache.

The proposed new EU data protection legislation will force businesses to take action and not be complacent about data loss. It will bring significant positive changes to the way organisations monitor and handle information risk issues, but it won’t happen overnight. Examples of good practice are there to be followed. In Germany, for example, organisations are already obliged to make a member of staff responsible for data protection and ensuring compliance with the law. The challenge will be to get all EU countries to pull in the same direction.

Data breaches must not be seen as inevitable. The proposed changes to EU legislation present a chance for companies to assess whether they have the right policies in place to prevent against data loss; a chance to sure up defences, reduce exposure to information risk and showcase the business as a responsible custodian of sensitive information ─ a business that will take the necessary steps to protect the personal data that it holds on behalf of European citizens. When it comes to exposure to information leaks, businesses would do well to stop mopping the floor and think about turning off the tap instead.

Recommended for you