One-third of UK firms had their data stolen in the past 12 months
Kroll, a division of Duff & Phelps, the global leader in risk mitigation, cyber resilience, security and incident response solutions, is urging business leaders to proactively ensure that they have robust and compliant data protection controls in place on this Data Privacy Day.
Kroll’s recent Global Fraud and Risk Report, with research conducted by Forrester Consulting, revealed that a third (32%) of UK firms were victims of data theft in the last 12 months, which is higher than the global average of 29%. With the risk of strict penalties for failing to adequately protect data under the EU’s General Data Protection Regulation (GDPR) and country-specific legislation like the UK’s Data Protection Act, businesses must act to ensure that all information they hold is as secure as possible.
The research, which examines the current global risk landscape, revealed that two thirds (66%) of UK firms view large-scale, coordinated cyber attacks as a significant future business risk, but despite this fear, a quarter (23%) don’t have confidence in their cyber security controls, and 30% don’t feel their risk management processes are effective. It’s therefore clear that organisations need to be doing more to safeguard their data and ensure information is secure, beginning with internal audits of business areas most at risk.
Andrew Beckett, managing director, cyber risk at Kroll, comments:
“Amid increasingly strict data protection regulations, controls on client information can no longer be relegated to ‘checking a box’. Instead, they must be part of a robust cyber security program, considered in every business process and their importance understood by every employee. Organisations need to set data protection and cyber security priorities by looking inward to identify areas most at risk, and implement plans to respond efficiently in case of a breach in a manner that follows applicable legislative, regulatory and best practice requirements.
“Cyber security and data protection pose systemic challenges to many organisations, with the boundaries shifting constantly. It requires an ongoing commitment to implement and continuously test—as cyber incidents are no longer a question of if, but when.”