Cyber risk: predicting a data breach before it happens


From the dusty Rolodexes of the 1980s to the paper files and treasury tags of the 90s, businesses have loved collecting data on their customers. It’s a simple premise: if you can show your customers that you remember and value them, they are more likely to spend money.


Indeed, the growth of the customer database has been one of the most important changes to modern business. Access to customer data is vital to the smooth running of companies. I’m sure we have all been on the phone to a customer service agent and, at the point of purchase, been told that their computer has stopped working. Without access to the database, life as we know it pauses.



The true value of data


Individually, each bit of data is useless.  But when viewed as a whole, the resulting insights can be powerful in better serving and understanding a customer’s needs.  Yet, as the old adage goes, with great power comes great responsibility.  “When entrusted with personal data,” the ICO writes, “you must look after it”.


In the last few months, BA and Marriott have been hit with notices of intent threatening enormous fines totalling almost £300m for failing to do just that. Overnight, the financial consequences of losing or mistreating customer data have become real. Despite both BA and Marriott being victims of hacking and flagging the breaches, the ICO came down hard on their ineffective security, lack of appropriate process and poor historical due diligence.


On the list of business risks, data breaches are among the most complex and tricky.  They can be huge system-wide hacks, or small user-centric errors - such as losing a laptop or copying an email to the wrong person.  Even the smallest error can have reputational and financial consequences. 



Your due diligence


Imagine the scene. You have begrudgingly accepted the remit of Data Protection Officer in your small business. On Friday afternoon, over drinks in the pub, your colleague tells you the unthinkable. They’ve been hacked. You know you are supposed to do something. But what? A quick Google search only makes things worse. Your hand reaches for the phone. Lawyers, accountants, IT specialists, lost business - the potential costs start racking up.


Don’t think larger businesses have it easier, mind you.  The corporate data protection teams have to slash through huge volumes of notifications, trying to work out the severity of each and resolve them as quickly as possible.


In b


About the author:

Matthew is Head of Brand, PR and Content Marketing at LexisNexis. He has experience leading the PR and brand strategies for several global and corporate companies. Matthew has led high-profile sponsorship and brand strategy campaigns, including British Gas’ sponsorship of British Swimming during the London 2012 Olympics. As a brand marketer, he has regularly secured front page coverage in national publications including the Times, Telegraph and the BBC. He has a Bachelor’s Degree from Durham University, a Professional Diploma in Marketing (CIM), a Fellowship of the Institute of Data and Marketing and is a Non-Executive Director of the European Sponsorship Association.