With the tightening of laws and regulations about data protection and privacy – and the General Data Protection Regulation (GDPR) in particular – organisations have a duty to report any breach in a timely manner to avoid tough penalties. Under the GDPR, they will have 72 hours to notify their supervisory authority of the incident, facing fines of €10 million or up to 2% of annual global revenue if they fail to do so.
Organisations voluntarily disclose breaches
Cisco’s 2017 Annual Cybersecurity Report showed that 49% of all organisations affected by a breach had to cope with public scrutiny. 50% of these had voluntarily disclosed the breach, 31% reported the breach to comply with regulatory requirements only, and the remaining 19% said the breach was disclosed by third parties. These stats confirmed the growing trend of coming clean when it comes to data breaches: organisations prefer to manage the publicity about the breach rather than leave it to third parties that may not be complimentary.
Loss of revenue and business opportunities
According to the report:
- 23% of security professionals reported loss of business opportunities;
- 29% reported loss of revenue and “of that group, 38% said that revenue loss was 20% or higher”;
- 22% reported loss of customers.
Not being cyber secure is not affordable
Many organisations cannot afford to face public scrutiny or lose business opportunities, revenue and customers. A recent survey revealed that cyber security incidents cost UK firms £34.1bn in the past year. To avoid this, large proportions of organisations have decided to invest more in risk analysis and mitigation (37%), training of security staff (37%) and security defence technology or solutions (37%).
Businesses need to be proactive with security
Geraint Williams, head of Technical Services at IT Governance, says: “With cyber breaches hitting the headlines almost daily, it’s hard to imagine why so many organisations are still putting security at the bottom of their agendas. Even if you are a relatively unknown organisation, of little apparent interest to an attacker, criminals’ automated scans will find you.
“New vulnerabilities are readily identified and exploited by criminal hackers. In many cases, you won’t even know that your defences have been breached until it’s too late.
“This is why it is crucial that all possible steps are taken to protect the business, not only to reduce the fallout of an incident, but to stop it from happening in the first place.”
The path to cyber security confidence starts with penetration testing
Penetration testing is an essential component of your cyber security strategy: it helps you assess your company’s risk appetite as well as identify the most vulnerable parts of the system and network that can be exploited by external actors.