Cybersecurity businesses in the South West such as Foregenix and Fashosts are reporting alarming figures on the approach that most businesses are taking to cyber security, and especially SMEs and micro-businesses. While 89 percent of decision-makers in micro-businesses claim to have never been affected by cyber breaches, only 14 percent are using intrusion detection systems. More worrying still, only 33 percent are reported to have firewalls in place.
So what happens when your company has been hacked? Speaking to Insider alongside a panel of cybersecurity experts, Brett Lambe, member of Thrings’ Commercial team and a Legal 500 recommended lawyer in Technology, Media and Telecommunications (TMT), warns about the need to think ahead.
“Businesses of all sizes need to be aware of their legal obligations following a cybersecurity breach. This should, at the very least, include knowing who to report a breach to - internally and externally.
“Every business handling personal data, which will be most businesses, has an obligation to report breaches promptly under GDPR.”
Further to the interview, Brett explained that certain industries will have specific mandatory regulatory obligations to follow. For example, the security of certain IT systems is covered by the new Network and Information Systems Regulations, with notification and registration deadlines having been and gone in August but also coming up in November 2018.
“As is often the case, the law only provides part of the solution – common sense and industry compliance are key components in addressing this ever-changing threat.”
To read the full article in Insider, please click here.
