Cyber Security – A Collaborative Approach
28/03/2019
Cyber security incidents have recently featured in the media with alarming regularity, and the high profile of the victims (including BA, Facebook, Google+ and Uber) shows that no one – regardless of how well-resourced or sophisticated – is immune.
The reputational damage caused by an incident is not only severe, but immediate and often irreparable. Added to this is the recent step change in financial risk associated with a security breach, including the Information Commissioner’s Office (ICO) now being empowered to impose fines of up to €20m or 4% of global annual turnover (whichever is higher) upon any business which has been involved in a data protection breach.
Coupled with this is the reality that personal data is amongst the most valuable assets of any modern business (according to Dean Armstrong QC it’s “as important a commodity as oil”). As such, it’s becoming increasingly business-critical to protect it, although cyber security as a whole is not always well understood by businesses.
The good news is that the North East is very well resourced to support businesses in managing and mitigating cyber security risk. This capability was superbly showcased at Dynamo’s #CyberFest event last September, which I was lucky enough to attend and can confirm was world class.
A core theme was the need for a multi-disciplinary approach, as technology in itself cannot eliminate all cyber risk. It remains true (according to the most recent ICO statistics) that “phishing” attacks account for the majority of security incidents, although many of them could have been avoided had proper processes, procedures and training been in place.
A failure to patch/update IT equipment is another frequent cause of incidents. These are also often avoidable, although a common frustration for IT teams is being unable to carry out work due to users refusing to agree to downtime. This increases the risk of a cyber-attack dramatically, so processes should be in place to deal with regular, essential maintenance and user education.
Another critical area is IT outsourcing. Any such arrangements must be properly documented, legally binding and reviewed by technology specialists, to ensure that cyber risk is properly dealt with and allocated between the parties.
Cyber security is crucial, but it shouldn’t be complex or intimidating for businesses to protect themselves. There is significant expertise within our region and pre-emptive measures are always preferable to having to deal with the inevitable reputational and financial impact of a cyber-attack.
David Cox is a former information security professional and associate solicitor in the commercial team at Mincoffs Solicitors, specialising in cybersecurity and IT law. If you want to get in touch, he can be contacted on 0191 212 7770 or at firstname.lastname@example.org.