Any business owner will appreciate that a loyal customer base takes hard work to establish and retain. The loss of customer data is perceived as a uniquely intimate breach of trust between a company and its customers, one that can undo that hard work and do damage that is often severe and very hard to reverse. Practically every business handles customer data in some form, so the issue affects companies in every sector. Arguably it is a bigger challenge for businesses that do not regard themselves as tech companies and may therefore be slow to dedicate sufficient resources to staying ahead of attackers.
The danger to companies of all sizes is well illustrated by the recent case of a high-profile airline, which has been fined £20m by the UK's Information Commissioner's Office (ICO) for losing the personal data of around 400,000 customers. Organizations able to dedicate substantial resources to cybersecurity are often shown to be as vulnerable as anyone when caught off guard.
The case shows that the ICO is prepared to levy large fines on companies that fail to protect user data. Arguably, the airline was lucky that, in recognition of the current crisis in the aviation industry, the ICO chose not to levy the full £184m fine that was originally proposed.
With the EU's GDPR in force, it is unlikely that this will be the last time we see fines of this magnitude. Nor is the airline the first case of its sort. In 2015 a telecom giant suffered a sustained cyber attack that resulted in the loss of a large number of customers' personal and banking details. It is a sign of the uncertainty that such attacks generate that while the telecom group put the number of customers affected at 156,595, other estimates put it at up to four million. The company was fined £400,000 by the ICO under the pre-GDPR data protection regime (the Data Protection Act 1998) and its CEO lost their job, but the real cost to the company, once the loss of 101,000 subscribers and the reputational damage are accounted for, ran to tens of millions of pounds.
Almost half of businesses report having experienced a cybersecurity breach in the past 12 months, and breaches are becoming more frequent each year. Yet many companies still neglect to prioritize cybersecurity, regarding it as tangential to their core business or as an unnecessary expense guarding against a marginal threat. The threat is real, and the consequences of being hit can be severe.
While the damage done to customer confidence grabs the headlines, it is only half of the story. Suppliers may become reluctant to deal with a company that has been compromised, and growth plans may have to be scaled back, spreading the cost over a longer period and in turn undermining investor confidence. All of this gives competitors the perfect opportunity to step in and take away customers whose brand loyalty has been dented.
Cybersecurity requires more than the ability to prevent attacks: it requires the ability to detect an attack once it is underway and to react quickly. In both of these high-profile cases, the impact was exacerbated by a failure to detect and stop the attackers once they had gained access to the company's systems. Apart from giving the attackers time to reach more customer data, that failure makes it extremely difficult to establish afterwards exactly which records were compromised, which adds substantially to the cost of investigating and repairing the damage and to the difficulty of notifying the affected customers.
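The two capabilities that paragraph asks for, spotting a bulk read of customer records while it is happening and then being able to say exactly which records were touched, both depend on keeping an access audit trail and actually looking at it. The following is an added example written for this article, not code from the article, the ICO or either company. It assumes a hypothetical audit log format (ISO 8601 timestamp, user, action, customer record ID, one event per line) and a constructed sample log in which two help-desk users read records at a normal rate while a service account reads 300 distinct records in a few minutes. It flags any account that reads more than a threshold of distinct records inside a sliding time window, and for each flagged account returns the full list of records it accessed so the breach can be scoped.

```python
"""Detecting bulk access to customer records and scoping what was touched.

Added example (hypothetical log format and constructed data). It is not the
article's own code and does not describe how either breach was detected.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp format of the hypothetical log


def parse_line(line):
    """Parse one audit line: '<timestamp> <user> <action> <record-id>'."""
    ts, user, action, record = line.split()
    return datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc), user, action, record


def build_sample_log():
    """Constructed sample log: two normal users plus one account that bulk-reads."""
    base = datetime(2020, 7, 1, 9, 0, tzinfo=timezone.utc)
    lines = []
    # alice and bob: one record every few minutes, the normal help-desk pattern.
    for i in range(20):
        lines.append(f"{(base + timedelta(minutes=5 * i)).strftime(FMT)} alice READ cust-{1000 + i}")
        lines.append(f"{(base + timedelta(minutes=7 * i)).strftime(FMT)} bob READ cust-{2000 + i}")
    # svc-report: 300 distinct records in 10 minutes, starting at 09:30.
    start = base + timedelta(minutes=30)
    for i in range(300):
        lines.append(f"{(start + timedelta(seconds=2 * i)).strftime(FMT)} svc-report READ cust-{5000 + i}")
    lines.sort()  # fixed-width ISO timestamps sort chronologically as text
    return lines


def detect_bulk_access(lines, window=timedelta(minutes=10), threshold=100):
    """Flag users who read more than `threshold` distinct records within any
    `window`-long span. Returns {user: {"first_alert": ts, "records": [...]}}
    where `records` is every record that user read anywhere in the log, which
    is the list an incident responder needs in order to scope the breach."""
    recent = defaultdict(deque)       # user -> (ts, record) events inside the window
    in_window = defaultdict(Counter)  # user -> record -> count inside the window
    touched = defaultdict(set)        # user -> every record read (for scoping)
    first_alert = {}

    for line in lines:
        ts, user, action, record = parse_line(line)
        if action != "READ":
            continue
        touched[user].add(record)
        q, counts = recent[user], in_window[user]
        q.append((ts, record))
        counts[record] += 1
        # Drop events that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if len(counts) > threshold and user not in first_alert:
            first_alert[user] = ts  # the moment the threshold was crossed

    return {u: {"first_alert": first_alert[u], "records": sorted(touched[u])}
            for u in first_alert}


if __name__ == "__main__":
    for user, info in detect_bulk_access(build_sample_log()).items():
        print(f"{user}: alert at {info['first_alert']:%H:%M:%S}, "
              f"{len(info['records'])} records affected, e.g. {info['records'][:3]}")
```

The threshold and window are illustrative and would be tuned per role in practice (a reporting job legitimately reads many records, so the useful signal is a deviation from that account's own baseline). The scoping output is only as good as the log: if reads are not recorded per record ID, the list of affected customers cannot be reconstructed afterwards, which is exactly the problem described above.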
One of the most reliable ways for a company to improve its cybersecurity is to apply internationally recognized standards. With threats constantly evolving, standards keep companies up to date on current practice and give structure to employee training. ISO/IEC 27001 specifies the requirements for an information security management system (ISMS), giving an organization a systematic way to identify, treat and monitor its information security risks, so that it can withstand sudden disruptions and adapt as the security situation changes. ISO/IEC 27701 extends ISO/IEC 27001 with the requirements for a privacy information management system, providing confidence that customer privacy is properly managed. As well as reducing the risk of malicious attacks and accidental data loss, these standards help demonstrate the appropriate technical and organisational measures that data protection law requires, and in doing so reduce the potential for the additional pain of a penalty should anything go wrong.
Protect your business with cybersecurity standards
Cybersecurity is now an issue for every organization in the world, of every size and focus. It has moved from a technical specialism to a mainstream concern for individuals, businesses and government.
With businesses more reliant on data, the spread of high-speed wireless connectivity and advances in processing technology, the risk of data leaks has increased and the demand for data protection has never been higher. Standards can help you safeguard intellectual property and personal data, protect valuable IT infrastructure and manage cybersecurity processes effectively to mitigate the threat of cybercrime. Discover the key cybersecurity standards needed for data protection.
Find out how you can access all the key cybersecurity standards through the British Standards Online Library (BSOL). Build your own collection and keep up to date with any changes to the standards that are relevant to you.
Get in touch today and stay in control of your business with a cyber strategy in place.