Partner Bambos Tsiattalou, and Solicitor Ernest Aduwa discuss the recent findings that cyber crime has now become a larger concern than Brexit for lawyers over the past year.
Bambos and Ernest’s article was published in The Times, 16 September 2019, and can be found here.
Brexit fears have fallen down the list of lawyers’ concerns over the past year, according to a recent survey.
Despite wider public anxiety over the UK’s exit from the EU, lawyers are now more worried about talent retention and the threat of fraud and cybercrime.
It is perhaps too easy to blame anonymous malevolent hackers for the rise in such crimes, but this does nothing to address the problem as it becomes more prevalent.
Rather than relying on the authorities to prosecute individuals who perpetrate cyberattacks, businesses must take greater responsibility for detecting and preventing such attacks in the first place, thereby protecting the data of their customers and clients.
The increase in lawyers’ collective concern acknowledges the scale of the digital problem. Risks are not only increasing, but they have evolved to include financial, legal, regulatory, and reputational spheres. As a result, the responsibility of business has expanded to include these areas.
For every company operating in Europe, the General Data Protection Regulation (GDPR) has become an integral feature of corporate life. Failure to act can be costly. The UK Information Commissioner’s Office recently used its powers under the GDPR to levy fines totalling nearly £300 million on British Airways and the Marriott hotel chain.
Many companies have embraced the challenge that is driven by the new regulations. But others have yet to accept the breadth of their increased responsibility, and managing cyber-risk remains relatively low on their list of priorities. A few businesses might even choose to avoid increased responsibility because they consider themselves unprepared to understand or manage the risk.
The most common manifestation of cybercrime arises with the public disclosure of data breaches, which are occurring with increasing regularity owing to the widespread digitisation of valuable information. Inevitably, these breaches attract media attention that focuses on the potential adverse impact on individuals whose information has been stolen.
Confronted with constant threats from a diverse set of cyber-risks, no business can doubt the need for strong cybersecurity — or at least, none of them should. As the nature and types of cybercrime continuously evolve, existing security measures can suddenly be rendered inadequate or ineffective, exposing sensitive company or customer data and making it vulnerable to compromise.
Of course, there is no endless supply of resources to throw at the problem. But to maximise protection the risks need to be fully understood and communicated to customers and clients.
Simply ignoring cybercrime does not provide immunity against it. Few businesses publicly admit that their customers’ data is at risk. But denial and complacency cannot be the answer.