Data Privacy Day on 28 January is an international annual event that highlights the importance of data protection and compliance in a high-risk world. The World Bank describes it as an international focus on the ‘importance of respecting privacy, safeguarding data and enabling trust’. And it is important in the era of increasingly sophisticated cybercrime where online has become a complex web of tracking, cookies, crime and intent. According to Brendon Ambrose, General Manager and Data Privacy Lawyer at Atvance Intellect, companies in South Africa need to focus on maturing their data protection and compliance foundations to ensure that they are not only aligned with the Protection of Personal Information Act (POPIA), but that they can handle the ongoing cyber onslaught.
While POPIA comes with an extensive checklist, one area that’s invaluable to the business is the notification of security compromises. According to IBM, it takes an average of 287 days to discover and contain a data breach. This gives the attackers nearly a year to play around in the system, really building up that stickiness that allows them to steal credentials, data and information. This makes early identification and mitigation absolutely critical, as it can fundamentally change the impact that the attack has on the business, both in terms of cost and reputational damage.
The same IBM study found that the total average cost of a breach increased by 10% from 2020 to 2021, rising to $4.24 on average, and that lost business came to around 38% of the overall average at a cost of $1.52 million. In addition, 20% of the breaches were due to compromised credentials, and companies that had low levels of compliance paid significantly more: $2.30 million more, to be precise. This really does underscore the fact that compliance is not a compromise. It has to become a part of the organisation’s culture, trickling down from the top into every department and onto every desktop.
Understanding precisely how the organisation has to comply with, and report around, POPIA is essential in ensuring that it can emerge from an incident with minimal harm and risk. The reality is that every single business that uses the internet is at risk of being hacked. Some recent research found that 64% of companies have been attacked at least once, 63% of attacks are about money, and there’s an attack every 39 seconds. It doesn’t matter how big or small your business is – if it’s online, has data and makes money, it’s a target. In fact, 80% of companies that have been attacked once will be attacked again.
Ultimately, international Data Privacy Day is just that, one day, but it should underscore the importance of investing in skills, resources and systems that will ensure the business can withstand, or survive, a breach. At a time when customer trust is low, and government oversight is high, compliance is less a box-ticking exercise and more an essential part of doing business.
Get in touch with Atvance Intellect, experts in data privacy, data law, compliance and global best practice to ensure that your business doesn’t just survive compliance, it leverages it for growth.