Cyber security risks today

Download PDF

Jump to section:

1. What are the risks of cyber security breaches?

2. How can you manage those risks? And what are the ways forward?

Video transcript

1. What are the risks of cyber security breaches?

A major risk for cybersecurity breaches is reputational damage, where companies, or clients, or the general public realise that a company is not complying with the proper data privacy regimes or not properly protecting and securing data that's given to them. That can be a devastating consequence for companies running their business operations. So, reputation is a major concern when it comes to cybersecurity incidents. Another issue is in relation to data privacy regimes and their sanctions. For example, the GDPR came into effect in May 2018. And since then, a lot of companies have been on high alert as to what happens if there's a data breach. The GDPR, which is the General Data Protection Regulations of the European Union, actually provide that if a data breach is discovered, it must be reported to the regulator within 72 hours. And not only is there this really tight notification period, the penalties are very draconian - It's 4% of the global annual turnover of the company, or EUR20 million, whichever is higher. So, this is a highly significant penalty compared to usual penalties that other data privacy regimes may have. In Hong Kong, the GDPR could also apply, as the GDPR actually has a cross-territorial application. But just on the Hong Kong data privacy regime perspective, it's also important that those laws are complied with as well. A lot of laws nowadays have been changed in order to provide better protection for data subjects, which are the people you collect data from. For example, customers, employees, people who visit your office space or residential space. And all of these, all the information that's collected that can identify the person, could be considered personal data depending on which applicable laws apply. That would also depend on where the information is collected, where the data subject is, and also if the information is transferred to other places. If it is transferred to other jurisdictions, those laws may also apply, as well. So, when it comes to using technology and making a streamlining of business systems for efficient functioning of the company, companies really have to look at data privacy laws.

2. How can you manage those risks? And what are the ways forward?

A good way to manage risks is to actually have a playbook ready and in place. This would hopefully set out all the potential steps that need to be taken in order to first, securely safeguard all the data that's collected; collect it in a manner that is proper and in compliance with the laws, and ensure that all people handling the data are trained in those methods in order to keep it secure, to store it properly, to destroy it properly. And that they're trained to be alert as to what the risks are, and what to do if there's a security breach or unauthorised disclosure of any sort. In the future, technology is probably going to continue to feature as a major turning point for many businesses. With all the disruption that it has caused earlier with blockchain and the uses of blockchain since blockchain was first invented around 10 years ago, or 12 years ago, it has been developing and a lot of businesses are trying to adapt to evolve with these type of technologies. A lot of stakeholders are very interested in how to make use of it in order to earn more profit, in order to smooth out the more tedious types of work. And so, this is something to look forward to in terms of how the technology can further build up businesses.

More videos from Hin Han Shum, Squire Patton Boggs

Latest Articles

Latest News