There are some duty breaches that are considered a criminal offence which can result in disqualification and fines for the director, or even imprisonment for the more serious cases. Read on:
Data loss or security breaches can occur in a number of ways, including network hacking, lost or stolen laptops, spyware, phishing, insecure media disposal, hacked card-swiping devices, security vulnerabilities on mobile devices, misdirected mail and faxes, insecure wireless networks, peer-to-peer software, breaches in physical security, problematic software updates or upgrades, human error, rogue or disgruntled employees, and lost or stolen media.
Statistics accumulated by the University of Salford show that 43% of cyber-attacks target SMEs, and 60% of those that fall victim go out of business within 6 months.
YOUR CYBER RISKS
If SMEs fall victim to cyber-attacks, they may face several legal consequences:
- Data Breach Liability: If sensitive customer or employee data is compromised, SMEs could be liable under data protection laws such as the General Data Protection Regulation (GDPR), leading to potential fines and legal actions from affected parties. National authorities can, and in some cases must, impose fines for specific data protection violations under the GDPR. When deciding whether to impose a penalty and at what level, the authorities must consider a statutory catalogue of criteria, including whether the infringement was intentional and whether measures were taken to mitigate the damage that occurred (i.e. cyber security). The data protection authority can issue fines of up to £17.5 million or 4% of annual worldwide turnover.
- Regulatory Penalties: Regulatory bodies may also impose fines for failing to protect personal information adequately, especially in industries with strict compliance requirements such as Financial Services, even to the extent of removing permission to continue in business. To quote the FCA: “Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties. Getting it right brings rewards in terms of customer trust and confidence.” If your company processes card payments, substantial fines may be levied for non-compliance with the Payment Card Industry Data Security Standard (PCI DSS).
- Civil Lawsuits: Affected customers, stakeholders or partners may pursue civil lawsuits for damages resulting from the breach, including financial losses and reputational harm.
- Insurance Issues: SMEs might face challenges with insurance claims related to the attack, particularly if they cannot demonstrate that adequate cybersecurity measures were in place. In addition, future premiums may increase substantially, or cover may be refused.
- Reputational Damage: Legal consequences can extend to reputational harm, impacting customer trust and future business opportunities, which can be particularly devastating for smaller enterprises.
COSTS
Costs associated with a typical data breach can include, but are not limited to, internal investigations, forensic experts, consumer notifications, discounts on future products and services, credit monitoring, crisis management, call centres, lawyers' fees, payment card industry fines, increased processing fees, litigation (including damages, awards and settlements), reputational costs, and technology upgrades.
Don’t become liable for insurmountable costs: take action! All SMEs should consider getting accredited to a cybersecurity risk assessment standard such as Cyber Essentials, Cyber Essentials Plus, Information Assurance for Small and Medium Enterprises (IASME) Cyber Assurance, or ISO 27001.
The costs of these accreditations are small compared to the consequences of a cyber-attack.
Call Archway Securities today for a short consultation which will help you decide how vulnerable you are.