Corporate Compliance Insights

Data Privacy Day: Let’s Take Stock of the Threat Landscape and State of Data Protection

Acceleration of Cyber Risk in 2021 Will Likely Continue through Data Privacy Day 2023 and Beyond

by Jason Stirland
January 28, 2022
in Cybersecurity, Data Privacy, Risk

Since last year’s Data Privacy Day, system downtimes have continued to lengthen. Cyber insurance has continued to grow more expensive. AI remains a double-edged sword. As always, awareness training and security protocols serve as the best shields in the ongoing defense against cybersecurity breaches.

Data Privacy Day – or Data Protection Day for EU readers – is a yearly reminder for organizations of the importance of compliance. Data is such a mission-critical part of an organization’s infrastructure that organizations must make it their utmost priority to ensure that cybersecurity procedures are in place to keep data from getting into the wrong hands.

Ultimately, all stakeholders care that their data is protected – employees, customers, or partners. For organizations to build and maintain that trust, they must embed a culture of compliance with data protection throughout the organization. This culture involves closing knowledge gaps by educating everyone in the business and regularly refreshing their data protection or GDPR training.

It’s been almost two years since the global pandemic started, which, along with uncertainty about health and the economy, brought a huge surge in cybersecurity attacks. It’s true that cybercriminals have always been opportunistic and that cyber threats are constantly evolving to take advantage of our online behaviors. Sadly, the COVID-19 pandemic proved no exception to this rule.

2020 and 2021 offered cybercriminals the perfect storm: a mass shift to home-working (for which many organizations were not fully prepared) and a distressed, distracted workforce, with employees worried about themselves, their loved ones and their jobs.

In the UK, the National Cyber Security Centre (NCSC) took down more scams in 2020 than in the previous three years combined, with COVID-19 and NHS-themed cybercrime fueling the increase. 2021 data is forthcoming. Across the pond in the US, it’s a similar story, with reported losses from cyberattacks hitting $4.2 billion in 2020. Worryingly, a global cybercrime assessment by INTERPOL also uncovered a significant target shift from individuals and small businesses to major corporations and governments. It seems that, as the virus continues to spread around our planet, cybercrime follows in its wake.

For sure, cybersecurity will continue to be a high priority for IT professionals and compliance experts alike in 2022. Organizations will continue to battle cyber threats for business continuity and reputations. As cyberattacks continue to increase in both velocity and scale, the cost of data breaches also looks to rise exponentially.

Data protection teams can use Data Privacy Day as a means to call attention to growing threats and challenges, such as the following.

The Evolution of Ransomware

Ransomware will likely continue to grow as cybercriminals compete to find new ways to penetrate systems and wreak havoc. One of the end goals here is to cause a lot of damage and make it difficult for IT teams to regain access and recover their data (after all, the longer this takes, the more data can be stolen and sold on the dark web and the higher the ransom can go). Because of this, downtime at affected organizations is likely to increase in 2022 (the average downtime is now 23 days), causing unimaginable disruption to all types of industries and supply chains.

Additionally, the volume of ransomware attacks is expected to increase across 2022. Indeed, whilst 2022 will see the sophistication of ransomware improve (cybercriminals are deploying more nuanced attack vectors and corrupting data in new ways), it doesn’t require much IT knowledge or hacking experience to send this type of malware. Ransomware can be sent pretty much ‘out of the box’ as it were – and, sadly, the financial rewards for the unscrupulous few can be huge.

It will be imperative to check and double-check software and systems in 2022: ensuring that the latest anti-virus software is installed on PCs and mobile devices, that email gateways are secure, and that system administrations are tested regularly for vulnerabilities.

The Risks and Rewards of Artificial Intelligence

Ever a hot topic beyond Data Privacy Day, the transformative power of artificial intelligence (AI) is widely considered one of the greatest commercial opportunities of the 21st century. Indeed, it already enhances many of our modern business functions, allowing businesses to do things like automate processes, gain insights through data interrogation, and engage with customers and employees seamlessly.

Of course, AI is also useful for risk management and compliance functions, since both these operations rely on information and analysis by design. They involve collecting, recording, and processing a significant amount of data, and as such, are ideal for deep learning.

Artificial intelligence and machine learning technologies are powerful, but expectations must not exceed reality. Indeed, over the next year, organizations hoping to leverage AI across various functions will need to remain vigilant as to the new types of risks this involves. AI can amplify bias (in hiring practices or consumer advice), breach data privacy or use laws, or pose cybersecurity threats by allowing for faster, better targeted and more destructive attacks to take place. It can, however, counter cybersecurity risks too.

Business leaders, it seems, will ultimately face one fundamental challenge when it comes to AI: finding a way to utilize its benefits without creating unreasonable compliance and risk issues.

The Rising Cost of Cyber Insurance

Cyber insurance covers organizations’ liability in the event a data breach involving personal data (credit card numbers, account numbers, health records, Social Security numbers etc.) occurs. Depending on the type of policy, it can also help offset the costs associated with a cyber-attack, for example, loss of business or the need to bring in IT experts.

With more policyholders and a higher-than-usual frequency of cyber incidents to deal with during the 2020/21 pandemic, it’s no surprise that insurers paid out more in cyber claims during these years than in any year prior. Of course, as the global situation rages on and cybercrime continues to rise exponentially, more and more companies have turned to insurers asking for higher policy limits. Many organizations merely want to help balance the risks of remote working and the new/existing technologies associated with this shift. But, equally, many more are worried about the rise in phishing attacks and related malware/ransomware occurring globally.

Most companies plan to maintain the changes to their technology and working arrangements post-pandemic (hybrid and remote working have proved immensely popular with employees). As a result, insurers are likely to respond by restructuring, widening, and increasing the cost of cyber insurance policies. It also wouldn’t be surprising to see some insurers reduce their pay-out amounts too, particularly for things like phishing, which usually involves an employee error.

In light of this, I recommend that all companies carefully review their cyber insurance policies at the start of 2022 and familiarize themselves with the terms and conditions included within them. Ensure the policy has a wide-enough scope to cover any new working arrangements, whether temporary or permanent fixtures.

The Focus on Cybersecurity Awareness Training

Out of uncertainty often comes change and innovation – and it will be no surprise to see the increased prominence of cybersecurity awareness training in 2022, particularly at the C-suite level. After all, the most significant risk to IT security is often the end-users themselves. By educating employees in cyber hygiene to a high standard, your cyber risk as a business is significantly reduced.

Continuous awareness training is imperative when it comes to battling the sort of errors in judgement cybercriminals hope we’ll make – and this is especially true when we’re working remotely and might feel more relaxed. Hackers count on the fact that it’s far easier to make an error in judgement, e.g., clicking on a malicious link, connecting to evil twin WiFi, or using and reusing weak passwords when working outside the office. This is because, even though we’re all well versed in the dangers of these things (and many of us think we won’t fall for it), without continuous awareness training to keep threats fresh in our mind, it’s all too easy to let complacency creep in. Of course, this threat increases away from the formal working environment and the safety of the organization’s firewalls, IP blocking, and other security software.

Another substantial risk mitigation and cybersecurity tool that will take off in 2022 is the usage of phishing simulators to test and track employees’ vigilance and deploy additional awareness training where it’s needed. There is no substitute for heightened awareness, and refresher learning interventions about cybersecurity best practices should not take long. Microlearning has shown itself to be very effective at keeping learners engaged with core compliance messages.

Risk Mitigation in 2022

Every Data Privacy Day serves as a reminder that bolstering cybersecurity is a continual undertaking for organizations. It’s a serious step in the process to stay abreast of the latest news, industry insights, and up-to-date statistics around cybercrime and data leakage. Cybersecurity statistics have an empirical value for compliance risk owners as they can point to knowledge or training gaps within their organization and alert compliance managers to growing or urgent threats.

The challenge, of course, will be to translate this information into practical and agile risk management strategies and security solutions.


Tags: Artificial Intelligence (AI), Cyber Risk, Cybercrime, Ransomware, Training
Jason Stirland is CTO at DeltaNet International. Having completed his degree in Networking & Communications Technologies, he has spent nine years working in eLearning. From starting his career as first-line technical support, Jason has expanded his role to incorporate programming and sales and often hosts consultative software meetings for key clients. Jason has been responsible for developing DeltaNet’s Astute Learning Management System, as well as the organization’s IT/security infrastructure and software strategy.