You may well have been following the Morrisons Supermarket case, which involves a disgruntled ex-employee stealing sensitive data about the company’s employees and publishing it on the internet.
In law, Morrisons have been found to be culpable for the data breach and, as well as facing fines from the Regulator, they could potentially have cases brought against them by the employees affected. Law firms are gearing themselves up to attract and represent employees in similar situations.
Although Morrisons did not carry out the “crime”, they did employ the person concerned and gave him access to the sensitive information. They were deemed to have failed in their duty to safeguard the data. This case confirms the principle that vicarious liability applies to the Data Protection Act and has set a precedent wherein an employer can now be found liable for an employee’s indiscretions when it comes to cyber, information and data misuse. This is especially concerning, as it holds even if an employer has taken all precautions and has been seen to put all reasonable safeguards in place.
It’s worth noting that Morrisons will grab the headlines on a story such as this, due to its corporate image. However, cyber-crime is far more likely to be committed against SME businesses and, as the world becomes more and more interconnected, cyber-crimes against SME businesses are going to rise. According to a new report, small UK businesses already face a threat of 65,000 cyber-attacks per day. Many small businesses are still underestimating the threat this relatively new menace can pose to their reputation and potentially to their livelihood; they are not prepared to deal with any of the numerous cyber exposures they face and, as this article points out, the threat does not come only from outside the business; it could also come from inside.
GDPR has woken many businesses up to the risks of cyber-crime and their responsibilities in this arena. This is not just about your reputation and livelihood; it is also about protecting your employees, customers and clients.
Unfortunately, this is likely to be an area of growing concern, and it highlights the need for both adequate safeguards/controls and a Cyber Liability Insurance policy.
Cowens Survival Capability and Risk Solutions recommend that, at a very basic level, you should:
Prepare a data breach plan with step-by-step actions to take
Rehearse the plan with all employees
Designate who is responsible for what during a breach
Regularly circulate and update the plan so senior staff are familiar with it
Cowens can help you create your cyber plan, implement it and monitor it.
If you would like to know more about the products and services currently available, please contact us.