Data Protection For Startups: Overlooking Cyber Security Will Land You in Data Protection Bankruptcy
Data breaches are on the rise, and the recent wave of attacks has been taking place in the shape of ransomware. In some countries, 40% of businesses have suffered from such attacks. In the UK, more than 54% of businesses of all sizes were victims of ransomware attacks.
The term refers to a number of versions of malicious software which take control of a target’s computer and then encrypt all the data on it, rendering it inaccessible. The software’s developers then demand a payment, typically in a digital currency such as bitcoin, in exchange for handing over the encryption keys.
Demands for payment start at $500 but can be much bigger in certain cases. According to a report by Malwarebytes, “one-fifth of British companies who had been hit by ransomware reported being charged more than $10,000 to unlock their files, and 3% of the demands were in excess of $50,000.”
According to the 2015 UK Information Security Breaches Survey, 74% of startups and 90% of big organisations are hit by security breaches, of which ransomware is only one type, with 9 attacks experienced per year. 59% of organisations expect the frequency of attacks to rise. The cost of attacks ranges from over £70,000 for startups to £1.4 million for large organisations.
The research shows that “over half the businesses hit by ransomware in the UK will eventually pay, but the figure varies wildly internationally: 97% of American businesses didn’t pay the ransom”. This is an interesting divide, but not a surprising one given the following.
The Spiral and the Consequences of Not Paying
Data protection rules in the EU and the UK punish companies that suffer data breaches. Data protection fines stand at 4% of a company’s annual turnover, whether it is making €100 or €100 million a year. Companies are also fined for not reporting instances where attacks result in significant losses for users’ civil liberties. The Netherlands took a very strict approach to this issue, and the new notification law is expected to see in excess of 6,000 companies come forward in the first year.
In the case of ransomware, companies with European users have to pay the amount of the ransom payment, perhaps more, in fines. Therefore, addressing your organisation’s cyber security make-up is a critical part of data protection compliance. Make sure to conduct risk assessments where possible to identify any risks before they arise. Email us at email@example.com to find out how we can help you.