9th Annual e-Crime & Cybersecurity Benelux
December 3rd, 2019, Amsterdam
Putting a price on cybersecurity
GDPR fines hit both privacy and security breaches: time for a rethink?
The latest GDPR fines change the cybersecurity calculus.
The regulators, at least, have determined that the authorised misuse of data is worthy of a fine in the tens of millions of euros, and that the inadvertent loss of data can cost those who lost it seven-figure sums.
These fines, finally, give the business world what it needed: a way to calculate the materiality of data protection and data privacy, and to suggest the levels of budgeting appropriate to the newly measurable risk.
But where should any new funds be allocated?
GDPR is notionally focused on data privacy, and security professionals have long distinguished between data protection (securing data against unauthorised access) and data privacy (managing authorised access - who has it and who defines it).
This has led to the assertion that data protection is essentially a technical issue, whereas data privacy is a legal one.
The GDPR fines render this distinction philosophical: data privacy is compromised both by technical failures in data protection, and by failures in data management ethics or processes. Regulators are therefore penalising both.
Underlying these fines is the simplifying idea that businesses should pay material amounts of money for putting clients (especially retail) at risk of inconvenience and loss. As AI, autonomous vehicles and other IoT developments gather pace, the potential for data loss to cause harm will only increase.
To avoid these types of fines, businesses must rethink the silos that have separated fraud, privacy and security, and think instead of a holistic architecture that delivers watertight data governance more broadly.
So in this new era, who is responsible for what? And what do information security professionals need to do about it? The 9th e-Crime & Cybersecurity Benelux will cover these and other key subjects for its audience of professionals tasked with safeguarding digital assets and sensitive data.