The removal of geographical borders through advances in digital technology is great for business but, according to a recent government report, 81% of large UK businesses and 60% of small companies suffered a cyber risk last year. Latest figures indicate that data breaches have become more frequent, with 74% of small organisations and 90% of large enterprises being affected in 2015.
So What Is Cyber Risk And What Mitigation Strategies Can Businesses Implement?
Cyber risks are threats of financial loss, disruption or damage to the reputation of an organisation from an IT systems failure/breach.
Hacking is extremely serious: breaches can have significant legal and reputational effects on organisations, and hacking costs the global economy over $400 billion per year.
It is hardly surprising that there has been a significant increase in cyber attacks as businesses hold more data and this is then shared with staff who use their own devices.
Cross-media communications further increase this risk. UK figures have doubled over the last couple of years, costing the economy billions of pounds, and so evaluating security measures is a real commercial issue for businesses and an essential part of risk assessment (and insurance protection!).
The 2015 edition of the Department for Business, Innovation and Skills’ Information Security Breaches Survey estimated it costs major firms between £1.45 million and £3.14 million to deal with each cyber attack or accidental data disclosure incident. The costs are substantial for smaller firms too, with figures reported in the region of £75,000 to £311,000 per incident.
How To Combat And Manage Cyber Risk?
To proactively combat this risk, business owners are being encouraged to conduct a commercial health check and implement joined-up recovery plans across all business functions.
The government has created a guidance/certification scheme to help here.
Many of the recommendations are just good common sense and naturally form part of effective risk management. Nominating a board-level owner for cyber risk is a good start; integrating stress-testing into your operational/financial frameworks and creating a business-wide recovery plan are also advised.
In addition to this, it makes good business sense to work collaboratively with your legal advisors to ensure that your internal policies, systems and procedures adequately deal with:
- How your business prevents and limits risk: review your compliance strategies
- How your contractual paperwork shapes up: review your customer and supply chain contracts
- How your business would react in the event of a breach: review your crisis liability management systems – are they robust enough to proactively resolve an incident in a timely fashion, avoiding loss and with minimal business disruption?
- What steps your business would take if unwittingly accused of a data security breach
- Cyber security due diligence: review your processes in respect of M&As, IPOs and third party agreements
Final Words: Ways Your Business Can Manage Cyber Risk
Getting your legal housekeeping in order will save you time and money in the long run.
Taking cyber risk seriously not only protects your business, but also raises insight and awareness within your organisation, strengthens your supply chain resilience and stimulates sustainable growth.
Ignoring it will almost certainly weaken your corporate profile, credit rating and ultimately your profitability.
Article written by Rachel Furniss.