Data Governance

Data: a double-edged sword for business

By Aman Johal, Lawyer and Director of Your Lawyers

British mathematician Clive Humby said in 2006, “Data is the new oil”. Fourteen years later, this statement has never been more prevalent.

The value of data and the power it holds over our everyday lives is clear to see, and businesses have learnt how to use data to their advantage. However, this has also brought about increased risks of criminals hacking the systems of companies that do not have robust security measures in place.

Recent changes to the law mean that any business that is hacked could be issued with a substantial financial penalty from the Information Commissioner’s Office (ICO). In addition, the cost of compensation claims can reach the billions, as we have seen with the estimated British Airways Group Action pay-outs standing at a potential £3bn.

With these risks hanging over organisations of all sizes, leaders must understand the value of data, the tactics these criminals use to succeed with a hack, and the security measures that must be implemented to successfully protect the data they hold.

New technology means new avenues to attack

Businesses have seen a positive impact from huge advancements in technology, but these improvements have also created increased risks of cyber-attacks, with criminals constantly finding new ways to breach business systems. Even with software updates improving computer security, criminals are adapting and developing new ways to break through defences.

The ever-increasing digitalised world has opened up a huge number of avenues for cybercriminals to attack businesses. Some hackers operate like legitimate businesses and constantly invest their ill-gotten gains into developing new ways of breaking down more secure defences. Others will aim for easier targets, such as those with older and outdated systems that may not be as secure, or systems that have not been patched for vulnerabilities. In a recent example, Travelex had to take down its website which was compromised due to security vulnerabilities the company failed to patch, and the cybercriminals held the company to ransom.

The NHS found itself on the wrong end of a cybersecurity hack in 2017, which led to systems being shut down. It stemmed from its older and outdated systems being targeted. The attack, known as WannaCry, led to a number of NHS services suffering and resulted in delays in patient care and cancelled operations.

Organisations can make it easier for criminals to hack systems through a lack of respect paid to even the most basic security protocols. Weak employee login credentials or systems with outdated security software can be easy targets to hit.

The avenues that criminals can gain access to an organisation’s data are increasing. With the world becoming more connected, there are more opportunities and tactics for hackers to exploit to gain access to data and financially benefit from their criminal activity.  

What security should you invest in?

There are many different options open to businesses when it comes to implementing security procedures to counter potential hacks. There must always be the view from senior leadership that the business should have the best cybersecurity to meet its needs. It may seem daunting at first, but for companies that are not cybersecurity savvy, it is worth investing in a qualified and trusted external service to ensure the organisation’s operations are fully protected.

As well as outsourcing to experts, it is worth having internal processes, procedures and employees who are responsible for cybersecurity issues. It is important that businesses have their external experts and insurance in place for protection, while also making sure that their internal house is in order. Enforcing strong login credentials, securely backing data up, implementing continuous training, and having thorough policies are important steps to take to reduce the risk of human error data leaks.

These practical measures are a start. However, the security a business implements should always be tested, trusted and be seen as a priority at all levels. If not, the consequences can be grave.

The risks of not investing in up to date security

There are huge risks for businesses that do not fully equip themselves against a potential data breach. There is no excuse in believing that security improvements can wait. The failure to protect data could lead to huge fines and significant compensation pay-outs. In the worst-case scenario, the costs could theoretically bankrupt a business.

If a company succumbs to a data hack, it could be issued with a significant fine from the ICO. British Airways and Marriott have recently been issued with provisional intentions to fine the sums of £183m and £99m respectively due to customer data being exposed.

This financial cost does not account for the huge estimated bills owed to customers for compensation claims that could hit the billions, nor does it account for the loss of trust and reputational damage that can be synonymous with a breach.

Data breaches can shape the landscape of competition across all sectors, where those who fail to protect themselves risk being hit so hard that they lose market share and struggle to compete due to the significant fallout costs of a breach. With data being crucial to the running of the modern world, and the costs of failure being so substantial, it is the businesses that fully secure personal data that can succeed in the long run.

About the author

Aman founded consumer action law firm Your Lawyers in 2006, and over the last decade he has grown Your Lawyers into a highly profitable litigation firm.

Aman has also has successfully recovered millions of pounds for a number of complex personal injury and clinical negligence claims through to settlement, including over £1.2m in damages for claimants in the PIP Breast Implant scandal.

Aman has also been at the forefront of the new and developing area of law of compensation claims for breaches of the Data Protection Act, including the 56 Dean Street Clinic data leak and the Ticketmaster breach.

About Your Lawyers

Your Lawyers is a firm which is determined to fight on behalf of Claimants and to pursue cases until the best possible outcomes are reached. They have been appointed Steering Committee positions by the High Court of Justice against big corporations like British Airways – the first GDPR GLO – as well as the Volkswagen diesel emissions scandal, which is set to be the biggest consumer action ever seen in England and Wales.