The announcement by Yahoo that 500 million accounts were stolen, in what is regarded as one of the largest cyber security breaches ever, confirms that cyber risks are here to stay.
The announcement by Yahoo comes hot on the heels of a study by Lloyd’s of London highlighting that 92% of European businesses suffered a cyber breach in the last 5 years.
The report by Lloyd’s entitled “Facing the Cyber Risk Challenge” found that whilst 54% of CEOs in European companies are taking responsibility for cybersecurity, the majority of businesses seriously underestimate the impact of a cyber attack, with only a minority believing that such an attack would damage share price.
Whilst US businesses have recognised cyber risks as a significant boardroom issue for some while now, it seems that European businesses are behind the curve.
The General Data Protection Regulation (GDPR), which comes into force in May 2018 and applies significant fines for data breaches, is a piece of law that, according to the Lloyd’s survey, 50% of businesses said they knew “little” or “nothing” about.
Returning to the Yahoo data breach, it will be interesting to see how the announcement of the breach will impact the acquisition of Yahoo by Verizon. It would be interesting to know how much due diligence Verizon carried out on Yahoo’s cyber security and data incident plans. It would also be interesting to understand why Yahoo only recently disclosed the significant data breach when it must have been aware of it for some while and, in particular, might have felt it an important issue to reveal to Verizon in the course of due diligence.
The haemorrhaging of personal data and business secrets by companies that are the subject of data incidents, whether internally or externally caused, means that unless business executives, legal counsel, and compliance take cyber risk seriously, there will be more bleeding companies named and shamed on a regular basis.