This blog has been updated to reflect industry updates. Originally published December 2017.
With the number of data breaches increasing every year, they are now a huge issue for organisations. 46% of all UK businesses identified at least one cyber breach in the past 12 months, and the International Data Corporation predicts that a quarter of the world’s population will have been affected by a data breach by 2020. It should be obvious that it’s a priority for companies to learn how to keep data secure.
How are breached businesses affected?
A business suffers in many ways when it falls victim to a data breach, one of which is dealing with the financial repercussions. There is a range of different costs associated with a data breach, such as paying back any money taken as a result of the breach, compensating affected customers, share value plummeting, and having to pay for the right protection to ensure a breach doesn’t happen again.
In addition, breached companies can be fined by the ICO (Information Commissioner’s Office) with penalties reaching a maximum of €20 million (about £17 million) or 4% of global annual turnover, whichever is greater, under the GDPR (General Data Protection Regulation).
After paying off fines, the breached company also has to deal with reputational damage. Breaches have a massive negative impact on a company’s customer base, particularly if the breach involved sensitive data. Customers lose confidence in the brand and don’t feel that their data is secure. A breach also puts off potential customers.
The impact of a breach is tied to the type of data involved. If the organisation’s confidential data has been exposed, it can have catastrophic effects. If personal and financial details of staff and customers are breached, those people are left open to the risk of identity theft.
In 2015, TalkTalk suffered a data breach in which the details of more than 150,000 customers were stolen, including bank account details of about 15,000 of those customers. The company lost 95,000 subscribers as a result of the attack, costing it £60 million. On top of that, TalkTalk was also fined £400,000 by the ICO. However, TalkTalk subsequently failed to adequately protect its data and, in 2017, the details of more than 21,000 people were unlawfully taken. On this occasion, the company was fined £100,000. If this breach took place now, TalkTalk would almost certainly have received a significantly higher fine.
Data Protection Officer as a Service
Our sister company GRCI Law Limited is a legal consultancy specialising in data protection and cyber security. Under its DPO as a service offering, a qualified, experienced member of the team will act as DPO (data protection officer) for your organisation. The role of the DPO is to monitor your data protection activities and compliance with the GDPR, and to offer advice on a day-to-day basis.