The battle against cybercrime: data protection as the weapon of choice
The German economy feels heavily threatened by attacks on its IT. 6 out of 10 companies (61 %) state that they consider the risk of suffering an attack by hackers or cybercriminals to be quite significant. In the last twelve months, two thirds (67 %) of all companies actually did become the victim of an attack on their IT at least once, and another 14 % suspect that an attack took place, but lack concrete evidence to confirm their suspicion. These figures are the results of a representative survey conducted by Bitkom Research, a market research organization for the digital economy. However, if these companies had employed a data protection strategy, the consequences of these attacks could have been less severe. Every step into the digital future brings with it additional risks. “The use of digital technologies in companies improves both competitiveness and ability to create value, but at the same time also creates new vulnerabilities for cybercriminals to exploit”, says Dr. Axel Pols, CEO of Bitkom Research, “No matter their size and industry, companies should develop an IT security strategy.”
However, this strategy should support both data protection as well as data security. So, what are the main characteristics of an efficient strategy supporting both? Mainly, the following three aspects:
1. Privacy by Design
Specifically in the context of automatization, this aspect has been researched by scientists of Passau University on behalf of the Bavarian Business Association. According to their research, improving operational reliability in an automated factory could actually lead to a decrease in data protection at first, due to the high amount of data collection and –processing measures necessary for such improvements. The only way to avoid this dilemma is by employing a technical design, which complies with the principles of data protection law, such as the guaranteed implementation of all technical aspects of data avoidance and data economy (Privacy by Design). Consequently, the principles of data protection must be followed and implemented from the very start. Our board member responsible for data protection, Thomas Kremer, shares this view and has discussed the topic in more detail in an interview. Of course, this principle of Privacy by Design can and must apply to every other facet of digitization.
2. Embedding data protection into the company culture
Storage specialist Veritas took the GDPR as an opportunity to research the non-technical changes facilitated by the new regulation. The results speak for themselves: seven out of ten companies wish to embed compliance with the GDPR framework into their company culture (71 %). A vast majority wants to use training courses, bonuses, penalties, and contract amendments to incentivize their employees to follow the new data protection regulation. Additionally, almost 50 % of the surveyed companies plan to start including a compliance obligation in their employment contracts, which is not surprising, because 41 % also aim to introduce disciplinary measures for employees violating GDPR stipulations. 25 % would go as far as eliminating employee benefits – including bonuses. At the same time, 34 % stated that they would like to reward employees for GDPR-compliant behavior. The reasoning behind such bonus payments is that employees are supporting data governance efforts with their GDPR-compliant behavior, and are consequently improving the operational results of the company. Clearly, data protection is not only a technological effort, but also part of the digital company culture and has to be embedded in the behavior of a company’s employees – like data security already is in most companies.
3. Prioritizing data protection
Consultants of Deloitte have recently surveyed the market for Connected Car Services (CCS). Around 80 % percent of those surveyed mainly appreciate the increased safety of CCS, followed by lower fuel consumption and – followed at some distance – by the available entertainment options. However, for 64 % reliable data protection is the deciding factor for whether they would possibly decide to spend money on CCS. Subsequently, an overwhelming majority of 80 % wants to retain full control over private data, while only 4 % consider that factor less important or not important at all. This figure clearly demonstrates, how important data protection is, and that it constitutes not a fleeting fad, but an entrepreneurial asset to prioritize. A digital Denver boot against data thieves, so to say.
In summary, only the combination of data security and data protection will allow companies to win the battle against cybercriminals, and even though technology will doubtlessly play an important role in this effort, data protection also needs to be embedded into the cultural fabric of a company and its employees – after all, for consumers this has already been the case for a long time.