Thinking Differently about Data Protection 

Data privacy has been a consideration forced on businesses and individuals for the last 40 years; however, that consideration has focused primarily on the first party’s loss of access to data. Since the mid-nineties, the malicious threat to this data has amplified, along with our economic and personal reliance on the internet and the ever-increasing ways it can be used for unscrupulous reasons. Even so, it would be fair to say that many businesses still approach data protection ad hoc, relying on vulnerable legacy thinking and systems and minimising their spending on it, in a way they do not with tangible forms of security.

Stuart Hamilton, Partner at Frank Risk Management, puts it this way: “Holding sensitive data, in the current climate, and not protecting it with everything at your disposal is like leaving your car unlocked on Karangahape Road, with your key fob sitting on the driver’s seat. People need to get their head around that because it’s not tangible, it doesn’t mean it’s not one of your most valuable assets and potentially biggest vulnerabilities”.

However, many are now forced to consider more seriously the responsibility of safeguarding the sensitive third-party data they hold and the potential financial implications of failing to take all reasonable steps to ensure its protection. 

The financial costs to businesses for ‘dropping the ball’ include: 

  • Significant reputation damage and lost perception of your brand, business, or service. This can extend to lost business and future opportunities. Often, specialist media or PR support will be required to protect the brand and avoid making the situation worse. 

  • The cost of triage. Dealing with cyber criminals forces a target to minimise damage in a volatile environment. Specialist technical help is often necessary to understand what has been compromised and, possibly, to negotiate with criminals who are not entirely focused on a ‘win-win’ situation for all.

  • Dealing with compliance and statutorily imposed costs around data breach disclosure.  

  • Dealing with the legal expenses associated with defending claims from injured parties. 

  • When the business scrambles to recover, there also tends to be an enforced review of data protection, privacy policy, and regulatory requirements.  

  • Data breaches consume valuable time and resources that could otherwise be spent more productively.

  • Additional costs of working, such as a forced reversion to manual systems.

Data security investment should now be treated as an expected cost of doing business. The more valuable the data, the more you need to defend it. Taking all reasonable steps to protect it is a journey to be taken with a well-resourced IT provider that gives you confidence, not one that is merely cheap. Having to consider cybercrime is now the reality for us all. Taking all reasonable measures to protect yourself from it will markedly improve your chances of having the criminal move on to the next target; however, it does not eliminate the risk. Backing those measures up with a well-understood Cyber Insurance policy is therefore also a sound investment.