Cybercrime is a continuing and rising threat. It has been in the news extensively and we have commented on the threats posed by Ransomware and DDoS attacks. We have also commented that 60% of cyber attacks are on SMEs.
Here in Singapore we are far from immune to this: SMEs are increasingly becoming soft targets for cyber criminals, who see them as easy prey because they often lack the resources, expertise and technical manpower to defend themselves against cyber attacks.
As a result of this, digital data breaches are becoming an all too frequent occurrence today. What is less on the radar of the average SME business owner is the rising number of lawsuits brought by customers, government agencies, employees and a variety of other stakeholders.
Cybersecurity is more than just an IT challenge – cybersecurity is now a business and legal imperative.
What Risks Do I Face?
Broadly speaking there are 2 categories of litigation risks:
1. Criminal prosecution by Government regulatory authorities for the loss and misappropriation of consumer data.
Here in Singapore this is set out in the Personal Data Protection Act and the penalties for breaches of this legislation are onerous, with fines of up to $100,000 and custodial sentences of up to 3 years. The position is similar in most other countries in the region.
2. Civil prosecution by customers, employees and a variety of other stakeholders.
As an SME owner in the business-to-business sector, one of the biggest civil litigation concerns you potentially face is the [temporary or permanent] loss of business client data and your potential liability for your client’s consequential [direct and indirect] loss.
Take for example a professional services firm that experiences a data loss as a result of a cyber-attack, and critical client data is lost – or inaccessible – at a time when it is most needed. In this scenario the owner[s] of this firm could face a civil prosecution for recovery of their client’s losses. In the instance of a consequential loss, e.g. loss of business arising from the data loss, the liability could be considerable.
The law of contract and the law of negligence will vary from one country to another, but the general principles remain broadly the same.
We should of course point out that we are not legal advisors! Our perspective in commenting on these issues is that of an IT advisor, and our purpose in highlighting these points is to draw your attention to the broader dimension of the risks faced by the SME business owner arising from cyber-attacks. To fully understand your legal position you should seek professional legal advice.
Assessing your risk
As with all these issues, the temptation for the SME business owner is to ignore the issue and to think “this won’t happen to me!”
But there are costs to doing nothing, and you will only discover the full extent of that cost when you experience a cyber-attack and your client’s business-critical data is lost…
The prudent approach is to conduct a thorough risk assessment followed by an examination and implementation of the most effective solutions to protect your business.
If you would like to discuss this issue and how to protect your business from these threats and exposures, please get in touch. We will facilitate a thorough review to help you gain clarity, inform you on your best options and, if required, implement a solution for you.
Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support that is typically only directly available in very large organisations.
Servicing businesses from 10 up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.