Partner Bambos Tsiattalou, and Solicitor Ernest Aduwa discuss the recent findings that cyber crime has now become a larger concern than Brexit for lawyers over the past year.
Bambos and Ernest’s article was published in The Times, 16 September 2019, and can be found here.
According to the results of the latest benchmarking survey, published last week by the accounting and consultancy firm Crowe, Brexit fears have fallen down the list of lawyers’ concerns since last year. Despite wider public anxiety over Brexit, lawyers are now more worried about talent retention and the threat of fraud and cybercrime.
It is perhaps too easy to blame anonymous malevolent hackers for the rise in cybercrime. However, this does nothing to address the problem as it becomes more prevalent. Rather than relying on the authorities to prosecute individuals who perpetrate cyber-attacks, businesses must take greater responsibility themselves for detecting and preventing such attacks in the first place, thereby protecting the data of their customers and clients.
The increase in lawyers’ collective concern, as reported by Crowe, acknowledges the scale of the cyber problem. Cyber risks are not only increasing, but they have evolved to include financial, legal, regulatory, and reputational risks. As a result, the responsibility of business has expanded to include these additional areas.
For every business operating in Europe, The General Data Protection Regulation (GDPR) has become an integral feature of corporate life. Failure to act can be very costly. The UK Information Commissioner’s Office (ICO) recently used its powers under GDPR to levy heavy fines against both British Airways and the Marriott hotel chain. Together, these totalled almost £300m.
Many companies have fully embraced the challenge, driven by the impetus of new regulations. But others have yet to accept the breadth of their increased responsibility, and manging cyber risk remains relatively low on their priority list. A few businesses might even choose to avoid increased responsibility because they consider themselves unprepared to understand or manage the risk.
The most common manifestation of cybercrime arises with the public disclosure of data breaches, which are occurring with increasing regularity due to the widespread digitisation of valuable information. Inevitably, these breaches attract considerable media attention focused on the potential adverse impact on those individuals whose information has been stolen.
Confronting constant threats from an increasingly diverse set of cyber risks, no business can doubt the need for strong cybersecurity. Or at least none of them should. As the nature and type of cybercrime continuously evolves, existing security measures can suddenly be rendered inadequate or ineffective, exposing sensitive company or customer data and making it vulnerable to compromise.
Of course, there is no endless supply of resources to throw at the problem. But to maximise protection, the risks need to be fully understood and communicated to customers and clients. Simply ignoring cybercrime does not provide any immunity against it. Few businesses publicly admit that their customers’ data is at risk. But denial and complacency cannot be the answer.