The rising cost of a data breach
In the past few weeks, the media has reported on a number of high-profile organisations having experienced data breaches, including Meta, Tesla, and even our national icon, the NHS.
Public sector organisations in particular cannot afford to be paying fines out of ‘the public purse’.
We sometimes hear that companies are taking the risk of operating without robust data management systems and processes in place, on the basis that if a breach eventuates, they will pay the fine. However, after an initial period of relative leniency by the regulators, it looks like GDPR-related penalties are now increasing.
And if you’re thinking that only the big players are being hit and penalised, think again. A peek at the Information Commissioner's Office (ICO) website shows organisations of all types and sizes copping some fairly hefty fines.
One of the problems many organisations face is that they simply don’t know what data they have within their myriad systems, including Personally Identifiable Information (PII) that should no longer be held once the relationships with customers, suppliers, or employees have ended.
When a data breach occurs, the investigation into its severity is only made harder if the organisation doesn’t know what data was there to begin with and how much of it is sensitive, personal and/or confidential. This makes the process extensive and time-consuming. None of this helps when the ICO sets a maximum of 72 hours for reporting a data breach, along with an assessment of its likely impact, details of how the data subjects are being notified, and the actions being taken. The UK GDPR sets a maximum fine of £17.5m for not following data breach requirements.
Mitigate the risk associated with a data breach
There are steps you can take now to reduce risk and to minimise fines should you experience a data breach. An immediate inventory of your data can reveal what PII you have within your organisation, where it is stored, and the age of files (also a compliance risk factor under the GDPR).
This is an area that SimSage can support you with and a powerful use case for our Discover, Search and Evolve product range. We also specialise in identifying compromised data in a post-breach situation and helping to formulate a fast response to Regulators.
Boards are increasingly looking to ensure that GDPR and data breach risks and requirements are being met and reduced. If you would like to discuss how we can help you to mitigate the risks associated with a data breach and help you maintain your GDPR compliance, contact us at SimSage.