Data breaches and losses are regular headlines, and when they affect millions of individuals it isn’t hard to see why. Several high-profile organisations such as Equifax, Three and various local government organisations in the UK have all been victims of data breaches; so, are organisations prepared for the impending regulations that could see fines for a data breach grow to €20 million?
Global trends have shown that in 2017, the number of files lost or stolen in a data breach has risen to a level where, 9 months into the year, it outstrips the number from the year prior. A staggering 1.9 billion records have already been lost or stolen in 2017, equating to an astonishing average of 10.4 million records lost or stolen every day. It may not be so surprising to hear that 74% of data loss was directly attributed to cyber-criminals, with a further 8% being attributed to internal attacks. The data used for these findings considers breaches that have been reported, with North America leading the way by a distance. With the GDPR set to take effect in early 2018, this could all change.
Get your Equifa-cts straight
One of the most recent major data breaches has been the Equifax breach, which is known to have affected over 140,000 users and businesses worldwide, including 400,000 in the UK. Equifax, which had published a white paper on data protection and best practice in the event of a data breach, spoke of informing data subjects of a breach within a few hours, yet waited several months to inform its own customers of its breach. The company’s internal processes have been heavily called into question, and early investigations have already revealed that data was being accessed and stolen by unauthorised persons for several months. Data regulatory authorities worldwide have committed to investigating why the breach was so large and why it took so long to be found. The ICO in the UK was quick to publicly offer Equifax advice on how to deal with the UK consumers affected, and the FBI has reportedly begun its own enquiry.
How much worse could it get?
Breach data can only account for the breaches that are reported to regulatory authorities around the globe. This means smaller breaches are less likely to be reported and some organisations, however well-known they are, may fly under the radar. However, with the introduction of GDPR in May 2018, all organisations that must comply have a duty to report a data breach within 72 hours of it occurring. There is likely to be a huge rise in the number of breaches reported from across Europe, and regulatory authorities such as the ICO in the UK are going to have their hands full. Further to this, cyber-crime is also on the up, and with criminals able to steal data and extort ransoms with relative ease it won’t be a surprise to see more and more headlines about data loss, theft and breach. There are also likely to be several headlines relating to the fines those organisations face afterwards.
Redstor is committed to ensuring data is protected throughout its lifecycle and to reducing the threat of data loss or breach. To help partners and customers comply with the upcoming regulation, Redstor has entered a strategic partnership with compliance specialists GDPR365.
GDPR365 is a collaboration and compliance management solution designed to give organisations the tools they need to accurately measure and improve levels of compliance.