Cyber-crime is on the rise. Large attacks, such as those on TalkTalk, Ashley Madison and, most recently, Mossack Fonseca, grab the headlines. However, cyber-attacks in various forms are happening daily against businesses of all sizes.
The impact on customers, whose data is often the target of the attack, has forced the Government to act. The General Data Protection Regulation ("GDPR") and the Network Information Security Directive ("NISD") are likely to come into force in 2018. An organisation's approach to cyber-security will become the subject of even greater scrutiny and could attract large fines (up to 4% of global turnover for serious breaches) in circumstances where not enough action has been taken to protect data.
So what can a business do?
Pre-breach
How an organisation prepares for and handles a breach can make an enormous difference in mitigating the reputational and financial consequences, and can strengthen its ability to satisfy a regulator that steps were taken to protect a customer's data.
The level of security needs to be assessed in light of each business's particular requirements and the sensitivity of the data being processed. However, generally, an organisation should be taking the following steps:
Responding to a breach
When a breach occurs, time is not on a company's side. It is therefore crucial to have in place an incident response plan that identifies who in the organisation will be responsible for handling the breach and the steps that should be taken to ensure a co-ordinated and cost-efficient response.
A company's initial response to a breach can have far-reaching consequences, bearing in mind that any documents created or steps taken may be scrutinised by a regulator or Court further down the line.
Use a specialist lawyer or 'breach coach' to co-ordinate the response. Communications between a lawyer and their client attract legal advice privilege and will not need to be disclosed to any regulator or Claimant. Careful use of a lawyer can therefore avoid damaging information coming into the hands of third parties.