Expanding Cybersecurity Solutions Five data security questions for SMBs in light of the expanding consumer privacy laws
BWy Richard Kanadjian
ith the expansion of privacy laws abroad and in the U.S.—HIPPA, CCPA, and GDPR as examples—data breaches are serious issues for any company that holds PII (Personally Identifiable Information)
of consumers and or any other sensitive information. California’s Consumer Privacy Act (CCPA) goes into effect on January 1 and will affect not only companies in California, but also companies nationwide with serious financial penalties for businesses. Already in effect is the European Union’s GDPR regulation, where non-complying organizations can be fined up to 4 percent of annual global turnover or €20 million, about $20 million-plus U.S. dollars, or whichever is greater.
Under GDPR, companies can be fined for not having their re- cords in order, not notifying the supervising authority and those affected by a breach, or not conducting an impact assessment.
How businesses store, transport and manage consumer and company information has become critical for not only large com- panies, but small and medium-sized businesses (SMB) as well.
8
1019 | SECURITY TODAY
What Could a Data Breach Cost a SMB?
Databreachesarenotjustariskforlargebusinessesandgovern- ment agencies. Small businesses that collect customer and other sen- sitive personal information are also at risk in today’s high-threat en- vironment. Verizon found in their 2019 Data Breach Investigations Report that 58 percent of all cyberattacks target small businesses.
The cost of a data breach for a SMB is a topic of debate be- tween leading researchers and companies. The Ponemon Insti- tute put the average cost for a small business that was hacked at $690,000 and over $1.2 million for a mid-sized business in 2018. Kaspersky Lab found that the average cost of a data breach and recovery to a small business is $269,000—$120,000 for the data breach and $149,000 for breach recovery. Either way, a data breach could lead to more than just loss of money for a SMB.
How Does the California Consumer Privacy Act (CCPA) Affect Businesses? While the CCPA is meant to enhance the privacy rights and con- sumer protection for the residents of California in the United
PRIVACY LAWS
Rawpixel.com/Shutterstock.com