In this 16 page Executive Report StrategicRISK explores how protecting private data from prying eyes poses some serious risk management questions. And we suggest some solutions

THE NUMBER AND COST OF DATA BREACHES APPEAR TO BE RISING EACH YEAR. While incidents and costs are fairly well documented, it is more diffi cult to gain a full picture of the situation in Europe, since notifi cation of potentially aff ected customers is not mandatory in all countries for all types of companies. This may change, however, as the European Commission seeks to tighten and harmonise data privacy regulations.

The Commission’s proposals are the result of the technological developments and the growth in globalisation that have taken place since the current Data Protection Directive was introduced. Not least among these is the growth in cloud computing, which poses some particular risk management challenges. Handing over-sensitive data to a third party inevitably carries risks. But these may be especially signifi cant in view of the fact that the cloud is a relatively recent phenomenon.

For example, it can be diffi cult to ascertain where data is stored in the virtual cloud environment, the robustness - or otherwise - of the cloud provider’s security, and even in some cases whether the cloud provider is handling data in a lawful way. The traditional checks that companies run when outsourcing may be much harder to enforce. The fi nancial and reputational costs of a data breach can be enormous, and risk management plays a key role in minimising likelihood and potential losses. In addition to technological protections against system intrusions, more companies are fi nding the need to enforce controls to guard against internal risks.


Employees’ actions - deliberate or unintentional - are one of the key causes of data breaches. For some risk managers, potential leaking of confi dential information by employees on social networking sites is a particular concern. Companies are responding to the ‘insider’ risk by increasing awareness and in some cases establishing guidelines on social networking. Should the worst happen, companies need to respond quickly and effi ciently to minimise damage, which can include signifi cant business interruption costs. Dealing with a data breach is becoming a crucial component when designing crisis management plans.

It is not surprising that today’s increased focus on preserving data privacy has boosted interest in cyber risk insurance. In turn, some insurers have fi ne-tuned cover to meet companies’ needs more precisely, for example covering the costs of forensic investigation into a suspected incident and off ering panels of experts to help handle breach responses.

Click here to download this report as a PDF

Click here to view this report on a tablet or onscreen