When it comes to dealing with cyber security threats, the differing response of individual businesses often reflects that of different species when threatened by predators in nature. For instance, the response of an ostrich to a predator will be markedly different to that of a meerkat. Are you vigilant – do you take flight, fight or hide? Or do you ignore them? Are you an ostrich or a meerkat?
This dilemma is one that decision makers in our largest companies face every day when it comes to dealing with cyber risk, regulation and which approach to take with a data breach.
New cyber risk research*, conducted by YouGov on behalf of Noddle Protect, has revealed that many senior business managers need to get their heads out of the sand and start getting cyber risk and data breach savvy.
Here, we review the findings and the two different approaches to a data breach solution that have become apparent.
The Meerkat: looking out for risks and ready to raise the alarm
The meerkat is well known for its upright inquisitive posture. Is this endearing characteristic that we love about this fascinating animal also the way in which some organisations prepare for a data breach? Meerkats always have one or more of the pack standing guard to look out for predators. When a predator is spotted, the meerkat gives a warning bark or whistle, and other members of the group will run and hide thereby safeguarding themselves in one of the many holes they have spread across their territory.
Findings from Noddle Protect, Callcredit Consumer Markets’ forthcoming data breach solution, highlight that many senior decision-makers in large businesses are taking a more proactive approach to data breaches and are putting measures in place to safeguard their data and raise alarms to any risk.
An overwhelming 81 per cent say their business is prepared to tackle a data breach compared to 12 per cent who say they are not. A further 53 per cent say their business has put in place a business continuity plan and 43 per cent state they have a crisis management plan. Though these are some measures that can be implemented, senior decision-makers need to ensure they consider what other data breach methods could also be put in place to prepare for the proposed EU General Data Protection Regulation (GDPR).
While there are some positive findings, the cyber risk survey also reveals that many decision makers in large businesses are taking an ostrich’s approach when it comes to protecting their organisation from a data breach and the GDPR.
Features of a Meerkat
- 81% are prepared to tackle a data breach
- 53% have put in place a business continuity plan
- 43% have a crisis management plan
The Ostrich: refusing to prepare for a data breach
It is said that the ostrich buries its head in the sand to avoid predators – a very different approach to the meerkat. Many decision makers in large businesses could definitely be accused of taking an ostrich-style approach to a data breach.
Changes in EU regulation mean all organisations at risk of a data breach need to be prepared to safeguard their consumers. The biggest impact on regulation will be seen in mid-2016 when the proposed EU General Data Protection Regulation (GDPR) will be adopted by the EU. This means that from 2018, if organisations fall victim to a data breach, they will have to inform their customers when a serious data breach occurs and they could be fined up to a maximum of 4 per cent of their global turnover this is significantly higher than The Data Protection Act which allows fines of up to £500k. Worryingly, 68 per cent of business decision makers surveyed have not heard of the GDPR.
The research has also revealed that 17 per cent don’t know what their business has put in place to protect itself against a data breach and only 38 per cent have appointed a board director with responsibility for IT security, such as a Chief Risk Officer or Chief Data Officer.
The significant high profile data breaches that took place during 2015 and since the start of 2016, combined with news about the GDPR and cyber security regularly in the news, mean businesses must stop burying their heads in the sand and be more alert to data breaches, the forthcoming EU regulation and how to manage cyber risk.
Features of a Ostrich
- 68% haven't heard of the GDPR
- 12% are not prepared to tackle a data breach
- Only 38% have appointed a board director with responsibility for IT security
- 17% don't know what their business has in place to protect it against data breach
I know I want to be a meerkat when it comes to a data breach. How about you?
For businesses that would like to find out more, please leave me a comment and I will get in touch.
Author: James Robinson
*All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 281 decision makers in large businesses. Fieldwork was undertaken between 14-21 March 2016. The survey was carried out online.