Cyber risk: predicting a data breach before it happens

Cyber risk: predicting a data breach before it happens

From the dusty roller decks of the 1980s to the paper files and treasury tags of the 90s, businesses have loved collecting data on their customers.  It’s a simple premise - if you can show your customers that you remember and value them, they are more likely to spend money. 


Indeed, the growth of the customer database has been one of the most important changes to modern business.  Access to customer data is vital to the smooth running of companies.  I’m sure we have all been on the phone to a customer service agent and, at point of purchase, been told that their computer has stopped working.  Without access to the database - life as we know it pauses.



The true value of data


Individually, each bit of data is useless.  But when viewed as a whole, the resulting insights can be powerful in better serving and understanding a customer’s needs.  Yet, as the old adage goes, with great power comes great responsibility.  “When entrusted with personal data,” the ICO writes, “you must look after it”.


In the last few months, BA and Marriott have been hit with notices of intent - threatening enormous fines totaling almost £300m for failing to do just that.  Overnight, the financial consequences of losing or mistreating customer data has become real. Despite both BA and Marriott being victims of hacking and flagging the breaches - the ICO came down hard on their ineffective security, lack of appropriate process and poor historical due diligence.


On the list of business risks, data breaches are among the most complex and tricky.  They can be huge system-wide hacks, or small user-centric errors - such as losing a laptop or copying an email to the wrong person.  Even the smallest error can have reputational and financial consequences. 



Your due diligence


Imagine the scene.  You have begrudgingly accepted the remit of Data Protection Officer in your small business.  On Friday afternoon, over drinks in the pub, your colleague tells you the unthinkable.  They’ve been hacked.  You know you are supposed to do something.  But what?  A quick google only makes things worse.  Your hand reaches for the phone.  Lawyers, accountants, IT specialists, lost business - the potential costs start racking up. 


Don’t think larger businesses have it easier, mind you.  The corporate data protection teams have to slash through huge volumes of notifications, trying to work out the severity of each and resolve them as quickly as possible.


In both cases, having a specialist data protection lawyer doing all this work would be wonderful.  And expensive. 


LexisNexis are pioneers in creating simple tools that help navigate and automate complex legal processes.  The new  Cordery Breach Navigator guides anyone, lawyer or not, through the process of recording a potential breach - large or small.  It’s algorithm cleverly collects the minimum required information to determine the severity of the breach.  The intelligent decision engine then guides users through the immediate actions required - escalating as required to the right people. 


High volumes of notifications can be quickly viewed, managed and allocated, so that the most senior staff are aware of and managing the most complex cases. The Navigator automates common processes and responses, such as writing a notification to the ICO, speeding up manual tasks - bringing consistency and professionalism to these difficult communications.


BA and Marriott discovered that doing the right thing after a data breach is insufficient.  The processes and policies need to be up and running long before an incident.  Better still, with  Cordery Breach Navigator, you can use the analytics to predict areas of risk - preventing the breach from happening in the first place.


Don't just take it from us...



Cordery appears in Forbes 


Last month, Cordery CEO Jonathan Armstrong shared his thoughts on the impact and risk of cybercrime in Forbes: 


“Cybercrime, like war and taxes, is an inevitable fact of life. We need to prepare for when not if. That's harder than it used to be as the attacks are more sophisticated but also since today's corporations aren't islands – they rely on vendors and partners to do what they do. You need to try and control your data – whether it's on your systems or a third parties – but you also need to prepare for the inevitable. That means proper war gaming so you're battle-ready when the next breach happens.” 


Backing up this point, Attorney, Charles Kallenbach shared his experience: 


“We felt we were well prepared for an attack, and we had a number of important defences in place. But the hackers were able to exploit a very small weakness – and wreak havoc.” 


The risk of cybercrime remains real and present. Here in the UK, large and high-profile corporates such as British Airways have recently been exposed to the reputational damage, operational cost and the imposition of massive fines from the ICO. 


Our Cordery system ensures that clients have the processes, advice and governance required to minimise the risk in the event of a breach.  As the risks evolve and change, so too does the Cordery system – ensuring our clients are always ahead of the game. 


The Cordery team and LexisNexis recently launched a tool to help businesses deal with data breach. You can find out more about Cordery Breach Navigator here.



Cordery / LexisNexis nominated for Financial Times FT/RSG Intelligent Business Awards


LexisNexis and Cordery were also very happy to have been nominated for the Financial Times FT/RSG Intelligent Business Awards for Cordery Breach Navigator, alongside some of the technology giants of the world, including IBM. The awards ceremony which will be in San Francisco on 22 October. 


You can find out more about the awards here FT/RSG Intelligent Business Forum and Awards and more about Cordery Breach Navigator  here.

Related Articles:
Latest Articles:
About the author:

Matthew is Head of Brand, PR and Content Marketing at LexisNexis. He has experience leading the PR and brand strategies for several global and corporate companies. Matthew has led high-profile sponsorship and brand strategy campaigns, including the British Gas’ sponsorship of British Swimming during the London 2012 Olympics. As a brand marketer, he has regularly secured front page coverage on national publications including the Times, Telegraph and the BBC. He has a Bachelor’s Degree from Durham University, a Professional Diploma in Marketing (CIM), a Fellowship of the Institute of Data and Marketing and is a Non-Executive Director of the European Sponsorship Association.