a hand behind with a lock illustration with circuit board and network lines with a cityscape in the background

Who Is Responsible for Cyber Security and Privacy?

#KingstonCognate introduces Bill Mew

Picture of Bill Mew

Bill Mew is a key opinion leader, digital ethics campaigner, and entrepreneur. As a key opinion leader, Bill focuses on striking the right balance between “meaningful protection,” where he has been ranked as the top global influencer for data privacy, and “the maximization of economic and social value,” where he is also one of the top influencers for everything from cybersecurity and digital transformation to govtech and smarter cities. He also makes weekly appearances on TV/radio (BBC, RT, etc.) as an expert on these topics—with more broadcast airtime than any other technologist in the UK.

As an entrepreneur, Bill is the founder and CEO of CrisisTeam.co.uk, where he works with an elite team of experts in incident response, cyber law, reputation management, and social influence to help clients minimize the impact of cyberattacks.

We are ALL responsible-collectively and individually

In many organizations, there is a prevailing attitude that cyber security is something only a CISO does, or that privacy is something only the compliance department does. Unless there is more collective responsibility for both cyber security and privacy, our data will not be secure and if things go wrong, we’ll all be held liable-both collectively and individually.

In such organizations, senior management is still failing to take cyber security and data privacy seriously. All too often they believe that these are tasks that can be delegated to the CISO or DPO (Data Protection Officer) and forgotten about. If senior management continues to see things this way, it is hardly surprising when this kind of attitude permeates down through organizations and staff at all levels fail to take these issues seriously.

3 Things Organizations Should Think About:

a hand pulling one domino piece stopping falling ones from collapsing the rest

1. If your procurement manager opts for unencrypted devices

If the decision to procure unencrypted USB drives, SSDs, or IOT devices is based purely on price, without considering whether they are secure or have hardware encryption, then those unencrypted devices create a cyber vulnerability. This puts the whole organization at risk of a data breach.

2. If staff reuse passwords or take shortcuts to bypass security measures

If staff fail to follow basic cyber security rules and are careless with passwords or email attachments, they are putting the security of the entire organization at risk. Cyber criminals actively target weak or known passwords and use phishing tactics to compromise the security of their victims. These are some of the most common attack vectors for cyber incidents.

3. If a CMO takes the occasional chance with the use of private data

The GDPR stipulates that personal data can only be collected with consent for a stated purpose. If you harvest or share data illegally then you are putting everyone at risk of major fines and litigation.

Who is responsible if these things happen? Organizations are and SO are we!

close up view of team hands put together

We all need to take cyber security and data privacy seriously

If you see that your organization is using unencrypted USB drives, SSDs, or unsecure IoT devices, you need to speak out. If you notice your colleagues failing in their cyber hygiene, you need to speak out. If you witness a member of the marketing department using customer data inappropriately, you need to speak out.

Change of culture is key

If we are to change attitudes and make people take cyber security and data privacy seriously throughout the entire organization, from top to bottom, we need to change the cultural mindset.

There are plenty of incentives for organizations to do so. There is clear evidence that customers will happily do business with organizations they think will take care of their data and are more reluctant to do business with those that do not. Retaining customer trust and avoiding any kind of cyber security incident that can undermine such trust should be at the forefront of all our minds.

close up view of wooden blocks with the word FINE and a gavel

In addition, there are plenty of deterrents to make organizations take data protection seriously. For starters, the GDPR stipulates a maximum fine of €20 million or 4% of annual global revenue-whichever is greater-for EACH incident. The cost of fixing an incident can run into millions and if it’s a ransomware attack, the cyber criminals could be demanding a multi-million-dollar ransom on top of this. You could also face litigation from the people whose data was compromised.

As if such sanctions on an organization were not enough, there are also emerging sanctions on individuals as well. A recent case in the US set a new precedent for a cyber incident case, when board members and a CISO were individually named as defendants. A report by analyst firm Gartner has predicted that CEOs could soon be personally liable for cyber-attacks.

As citizens and as customers, we want organizations to protect our data. And when we are responsible for the data of others, the standards need to be just as high. We should be concerned—both collectively and individually-that we could all be held liable. But we should be equally motivated to focus on data protection because it is the right thing to do.

Ask an Expert

Kingston can offer you an independent opinion on whether the configuration you’re currently using, or planning to use is right for your organisation.

Self-encrypted SSDs

We offer advice on what benefits SSDs will bring to your specific storage environment and which SSD is most suitable for your mobile workforce to ensure you are working securely on the go.

Ask an SSD Expert

Encrypted USB Drives

We offer advice on what benefits using Encrypted USB will bring to your organisation & which drive is best suited to your business needs.

Ask a USB Expert

Learn more about Kingston’s line of Encrypted storage solutions

Related Articles