In January the Information Commissioner’s Office (ICO) fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.
When the Till System Turns into a Trojan: DSG’s Big Data Slip‑Up
So, what went wrong?
In a classic “stealthy saboteur” move, a bad actor planted malware on a whopping 5,390 retail terminals across DSG’s Currys PC World and Dixons Travel outlets. The digital prank ran from July 2017 to April 2018, a nine‑month stretch filled with stolen personal details.
Who’s on the hook?
- 5.6 million payment card numbers – all of them compromised.
- About 14 million people had their names, postcodes, e‑mail addresses, and even whether their credit checks failed—all dumped onto an unsuspecting server.
Why the ICO called them out:
Before GDPR shook up the compliance scene, DSG was still grooving to the Data Protection Act 1998. The ICO found that DSG had effectively stuck an “untouchable” flag on the system and left its basic security work undone:
- Software patches? Not updated.
- Local firewall? Non‑existent.
- Network segregation? A big “no.”
- Routine security testing? Still pending.
Due to these huge gaps, the ICO slapped the maximum penalty available under the old law. “If this were GDPR, we’d make that fine even heavier!” they said.
Customers in the hot seat
The breach sparked a flood of worries: 158 complaints flew in from June to November 2018, and by March 2019 nearly 3,300 victims had reached out directly.
Why this matters to you
In a world where cyber‑attacks are getting more “every day” than “every other day,” a company’s failure to lock down data isn’t just a technical misstep – it’s a privacy guillotine. Imagine the dread of identity theft sneakily waiting in your inbox. That’s the reality DSG customers faced.
The cost subplot
Costly – yes, for DSG’s wallets and for their brand reputation. Picture a bank that’s both bleeding money and losing trust like a sinking ship in a storm.
What the latest risk pulse tells us
According to Allianz’s 2020 Risk Barometer, cyber risk has leapt to #1 on the list of corporate fears. Only 15 years ago, it was just the 15th lumbering worry. If executives aren’t staying awake over cyber threats, they’re definitely letting the bandits in.
How to become cyber‑resistant
- Embrace Cyber Essentials – the NCSC’s beginner stack is perfect for SMEs.
- Ask yourself: “Are we covered by existing insurance?” Most general policies do not cover cyber threats, so treat cyber cover as a separate question.
- Consider a cyber insurance policy. They help with business interruptions, privacy breach fallout, cyber extortion, hacker damage, and even media charges. Some give forensic support right when trouble hits.
- Good news: last year, 99% of claims on ABI-member cyber policies were paid. That’s a pretty solid rate for any insurance brand.
Bottom line – protect, or pay for a leak
Every time a bad guy finds a leak in your security, they do a smug “I got you!” dance. Shield your systems, test your weak spots, and keep an eye on policies tailored for cyber. That’s how you dodge the “big data slip-up” and keep your customers’ faith intact.
As the NCSC advise:
Why Cyber Insurance Is Not a Magic Shield
Thinking of buying cyber insurance? Remember: it’s more like a backup plan than a bulletproof vest. It won’t stop a hack from happening, but it can hand you extra tools while you’re scrambling and once the dust settles.
Take a Pause Before You Sign the Policy
- Scope & Scale: Dig into what actually gets covered. Are the “full coverage” claims too good to be true?
- Operational Guidelines: Most insurers will set up their own rules. Make sure you can follow them—otherwise you’ll be left holding the bag.
Read the Fine Print Like a Detective
Insurance isn’t a cure-all. If you already had a tech glitch that you overlooked and it turns into a breach, you’re probably out of luck. The insurer will say “no coverage” if you didn’t act on known risks.
GDPR: It’s Not Just Advisable, It’s Required
Under the General Data Protection Regulation, you must have security measures that match the risks you face when handling personal data. That means both tech safeguards and smart organizational policies.
Make Cyber Resilience a Year‑Round Habit
Whether you run a startup, a law firm, or a bakery—cyber defense should be a standing reminder, not just a New Year’s resolution. Stay vigilant, stay prepared, and keep that checklist on your desk.
