Costs associated with cybercrime can be expected to rise in the near to medium term and to have a material impact on the global economy, while cybercriminals put the important data of individual citizens and corporations at risk. Because of the convergence of an escalating number of security vulnerabilities, increasing hacker capabilities and tools, and new legislation being enacted in the European Union, the estimated costs of cybercrime may be conservative.
With the rise in cyberattacks at the forefront of the news on a near-daily basis, it's becoming increasingly clear that the role of risk management and security must be elevated throughout the financial services and banking markets. Physical and IT security leaders are shifting toward a more proactive approach to security than in years past to address and mitigate the latest emerging trend.
The European Union’s new General Data Protection Regulation (GDPR) came into effect in May of this year. While many in North America believe that since they are not located within the European Union the regulation does not apply to their operations, the territorial scope of the GDPR is well and truly global. Many of these companies are unaware that the GDPR is applicable to any organization conducting business within the EU, including those simply collecting data there.
There seems to be a constant supply of news stories involving high-profile, high-impact criminal cyber activity. More often than not, the data breaches that we hear about occur at large businesses or global organizations. This leads many people to think that it’s only those big companies that are at risk of being attacked. They incorrectly assume that today’s cybercriminal is always looking for a giant financial payout or a huge cache of personal data. But the reality is that small and mid-size businesses (SMBs) are actually at greater risk.
Like the GDPR before it, the CCPA is getting a lot of attention because of the rights California residents will have to access data held by companies, to have that data removed, and to prohibit the sale of personal data. The new law, which does not go into effect until 2020, also creates the potential for some eye-popping payments directly to consumers impacted by a breach.