As innovative technologies demand more data to inform their processes, we are entering an age where data is more valuable than ever. With a tightening of privacy regulations and consumers being more aware of where their data is used and stored, it is becoming increasingly difficult for companies to collect this precious resource and stay cyber-secure. David Lam, General Partner at Atlantic Bridge Capital, shares with us his analysis.
Experts have called data the world’s most precious resource, more valuable than gold or oil. Their optimism is well-placed: data has the potential to transform a business by creating a real-time, continuous feedback loop that can dynamically improve a company’s products and boost customer service. Industry 4.0 promises the transformation of trillion-dollar, traditional industries into a collection of highly responsive, digital enterprises that can shift assets, logistics and resources at the speed of light. Artificial intelligence, from smart speakers to self-driving cars, rely on a constant flow of data to help us lead better and safer lives.
The future of data is as exciting as it is inevitable. Meanwhile, governments across the world are racing to create the rules of engagement that balance corporate responsibility with the rights of individuals. Since the 1990’s, Europe has taken a strong position to corral the power of corporations, especially in the technology sector. The European Union took the global mantle on anti-trust action with judgments against Microsoft in the 1990’s and then against Google a decade later. In 2016, the EU again led the charge, this time in data privacy with the passage of the General Data Protection Regulation (GDPR), which became enforceable in mid-2018 against any company doing business in the EU. GDPR has inspired other nations, most notably China, to follow suit with similar legislation.
Amid the tug of war between data and privacy, the dark forces of criminal and malicious elements have entered the scene, exposing the soft underbelly of the data revolution. These security breaches are creating havoc for individuals whose personal data is exposed and triggering C-suite departures plus massive fines at corporations that cannot protect their data. Equifax’s data breach leaked the records of 147 million customers and led to the departure of its CEO, while Capital One compromised the personal information of 106 million customers. Facebook was fined $5 billion by the US Federal Trade Commission for mishandling user information, and British Airways and Marriott International were assessed over £250 million in combined fines for GDPR violations.
In assessing the risks associated with protecting data, three key threat vectors emerge that face enterprises large and small:
- Hackers: As the value of data has risen, so has the sophistication and scale of criminal and government-sponsored cyberattacks. Capital One’s breach was caused by a US-based hacker, while North Korea reportedly used state-sponsored hacking over a four-year period to steal $670 million.
- Disgruntled employees: Bad actors in a company can violate their positions of trust to cause significant damage to the companies they work for. A recent report by Cybersecurity Insiders showed that 53% of respondents confirmed insider attacks on their organizations in the last 12 months.
- Human error: Known as “the weakest link”, innocent mistakes by employees comprise a significant share of data breaches, ranging from phishing to ransomware to forgetting to renew a digital certificate to neglecting to assign a database password. Risk management consultant Kroll estimates that human error caused 90% of data breach reports received by the UK Information Commissioner’s Office in 2017 and 2018.
The enormous power of data is well-established. But as the volume and value of data continues to rise, data is becoming harder to secure, and the liabilities associated with security breaches are dramatically increasing.
Data isn’t the next gold or the next oil. It’s shaping up to be the next uranium: a natural resource that when harnessed effectively can power a city but when placed in the wrong hands can cause enormous collateral damage. The future prosperity of organisations will depend on their ability to channel the extraordinary benefits of data while complying with new regulations that place stricter standards and significant penalties on enterprises to protect this critical asset in an increasingly unsafe digital world.