Cyber exposures are fast outstripping physical risks. Worldwide, five million records are exposed every day. In the first half of 2017, there were 918 data breaches worldwide. The top three online threats are:
- Ransomware – a type of malware (malicious software) which blocks access to a computer system until a sum of money (ransom) is paid. Since 2016, there have been more than 4,000 ransomware attacks daily.
- Phishing – sending emails purporting to be from reputable companies to induce individuals to reveal personal information. This threat is becoming increasingly sophisticated, and 76% of organisations experience phishing attacks. There are also “vishing” (via voicemail / phone calls) and “smishing” (via text messaging): 45% of organisations experience “vishing” or “smishing” attacks.
- Social engineering – use of deception to manipulate people into divulging confidential information which may be used for fraudulent purposes.
The majority of data breaches are accidental: simple mistakes made at work that result in data being exposed. In most cases, the data is unlikely to get into the wrong hands. However, one in three breach victims experiences fraud. In terms of consumer impact, identity theft claims 16.7 million victims a year, with fraud losses totalling USD 16.8 billion.
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. It is the most stringent privacy law in the world, covering data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It is significant for consumers because a business that misuses your data or has a data breach can be fined up to 4% of annual revenue. Businesses are also obliged to notify national supervisory authorities within 72 hours in the event of a data breach which has an adverse effect on user privacy.