Critical digital assets like financial and company/personal data that enable e-commerce have become increasingly vulnerable as a result of massive growth in the following:
- Variations in regulatory requirements
- Online transactions
- Business partnerships
- Outsourcing services
These trends also increase data security risks and the likelihood of data breaches across various industries worldwide. Hence, it is no surprise that many organisations have invested in data protection tools to help them manage their data protection practices and policies.
In addition, many data protection officers (DPOs) and others who handle personal data need credentials like a PDPA certification to help them develop a clearer understanding of the Personal Data Protection Act (PDPA) and how they can implement data protection principles more effectively.
Internal Risk From Employees
An analysis of cybersecurity claims made to the insurance company Chubb revealed that insider (or employee-related) incidents account for a huge percentage of claims. Essentially, internal risks come from employees or third-party vendors who have access to the organisation’s network.
Insider Risk Categories
Insider risks are categorised into the following:
- Unintentional human error. This occurs when untrained or careless staff make mistakes that can lead to a breach (e.g., stolen devices, misaddressed emails, and confidential data sent to home systems that are not secure). These mistakes can be very costly.
- Rogue or malicious employees. These people have the intent to either damage or steal valuable or sensitive data/information for commercial gain. Some of these people also have a vendetta against the organisation.
- Cyber attacks or hacking (from errors or deliberate cooperation by an insider). Through human error, hackers can hijack identities through the account of an unsuspecting employee.
The most treacherous aspect of insider threats is that activities and access often go undetected because they are associated with trusted systems. Furthermore, malicious or rogue employees may also remove or erase any evidence of their activities, further complicating forensic investigations.
True Cost of Data Breaches
There are several data breach consequences that organisations should familiarise themselves with. Below are some of them:
Poisoned search results – bad reputation
After a cybersecurity incident, it becomes apparent that nothing truly disappears on the internet. The damage brought about by a data breach can forever taint the reputation of your organisation. After a data breach, the marketing and communications department can spend months, if not years, doing damage control.
For small and medium-sized businesses (SMBs), the damage to their reputation can be more difficult to overcome than the financial damage. They can end up losing customers if those customers' personal information has been compromised. Unfortunately, some damages may prove fatal to a business.
Loss of sales
Damage to reputation can result in customer loss, which in turn can result in decreased sales. When current customers lose trust in the business, they will start to look elsewhere. This often leads them to rivals who have not had any cyber incidents. Poisoned Google searches can also turn off potential prospects.
Unexpected expenses
The chief financial officer (CFO) is tasked with ensuring the company runs within its budget. However, a data breach can throw a budget out of whack. If the organisation has cybersecurity insurance, it can relieve some of the unexpected costs. Unfortunately, many organisations are either reducing their cyber insurance policies or not purchasing any at all.
Employee turnover
A data breach can result in employee turnover. This is especially true at the executive level. Due to the repercussions of the breach, some employees may also be terminated. Another possibility is that other employees may choose to leave due to the stress caused by the incident.