WannaCry. NotPetya. Mirai. 2017 has seen some of the largest, most publicized cyberattacks in history. And, as we bring more and more of our information online – as we digitize more critical infrastructure and store more of our lives on the web – those attacks will only increase in frequency and severity.
I’m certain most business owners know this, at least to some extent. They’re aware that in the modern cybersecurity industry, everyone is a target. But knowing something’s true and actually taking steps to address it are two entirely different things.
Governments are stepping in where those businesses are falling behind.
“It’s clear that technology is no longer enough,” writes SailPoint Chief Marketing Officer Juliette Rizkallah. “It takes a combination of people, processes, and technology to effectively combat today’s threats, which is why we’re seeing the regulatory environment heat up.”
Rizkallah refers to this as “The GDPR Effect,” named for the upcoming data privacy legislation in the EU. Set to come into effect in May 2018, GDPR sets strict boundaries on what a business can do with customer data and how that data can be used, with severe penalties for non-compliance – some of the steepest seen so far. Under GDPR, every customer has the right to their own data, and every organization that does business with an EU citizen needs to respect that right.
Make no mistake: other governments will soon follow the EU’s example, like it or not.
At this point, some of you are probably wondering why any of this matters. After all, how is this any different from any of the other regulations that have come into effect over the past decades? Why does this new frenzy of regulatory crackdowns have any impact on your organization?
To answer that, let’s look at a new industry that’s sprung up as a result of the current cyber climate – cyberinsurance. Insurance providers have now accepted that malware, hacks, and ransomware are all pervasive, looming threats. And just as they offer coverage for stuff like natural disasters, legal liability, and hardware failure, they’re beginning to offer coverage for the damage caused by cybercriminals.
Just as a business that doesn’t practice any workplace safety measures probably wouldn’t be considered for liability insurance, a company that plays fast and loose with customer data – one that remains ignorant of the regulatory climate in its industry – will likely be passed over by insurance providers. And with the financial damage that can be caused by even a minor attack growing exponentially year over year, that’s a very, very bad thing.
Do yourself a favor. After reading this piece, hop on Google and do a bit of research about the regulations that might impact you. The more you know, the better equipped you’ll be to adhere to them. And the more effectively you adhere, the likelier it is you’ll be able to qualify for cyberinsurance, which will – if and when the time comes – protect you from some immense damage.
Here are a few recommendations as to how you can start your search:
Look for anything related to customer data. Jurisdictions such as the EU are more focused than ever on helping people take back control of their data. Given the current global nature of most organizations, that means it’s very likely that their regulations will impact you.
Take a look at data security/privacy regulations within your own country. Even if they don’t relate directly to your industry, it’s important to pay attention to the legal climate within your nation. Changes in one industry could very easily influence changes in another, and being aware of them can help you better prepare.
Seek regulations related to your industry. If the United States brings out some new regulation for the financial services space, that’s something you need to pay attention to – even if you work in financial services in the UK. Again, changes made in one nation can very easily bring about changes in another.
About Max Emelianov
Max Emelianov started HostForWeb in 2001. In his role as HostForWeb’s CEO, he focuses on teamwork and providing the best support for his customers while delivering cutting-edge web hosting services.