Page 18 - 10052 WORSH Marketor Issue 79.indd
P. 18
BUSINESS LECTURE TWO:
Richard Christou
Cyber security and privacy – threats and opportunities Master
The second lecture by Dr. Henry Pearson focused on data security and data privacy. He spent 25 years in
senior appointments at Detica plc, a leading supplier of cyber security products and services to governments
and commerce. He provided extensive advice on cyber security to the UK MOD with hands-on experience
RI KDQGOLQJ PDMRU F\EHU DQG SULYDF\ LQFLGHQWV DQG QRZ IXOÀOV D QXPEHU RI UROHV IRU WKH 8. 1DWLRQDO &\EHU
Security Centre.
The costs and other impacts of cyber other necessary measures to ensure particularly to form a close
attacks WKH\ DUH SURSHUO\ FRQÀJXUHG WR relationship with the CIO or CSIO.
Henry began by pointing out that provide security. In this area Data protection and privacy
data security should be the concern government is currently taking a very Henry then turned to consider data
of everyone in the business, including active role. The National Cyber protection and privacy. He made the
the marketing department. Successful Security Centre has now been point that the question of privacy is
cyber attacks not only cause created, as part of GCHQ, to be the intimately bound up with cyber
FRPSDQLHV ÀQDQFLDO GDPDJH WKH single point of advice to the UK security. Loss of data automatically
impact on the reputation of the government on cyber security, involves loss of privacy for those
victim’s brand and on its enterprise providing world class incident affected.
value or share price (if quoted) can management capabilities. However, privacy of data is also
also be severe. Managing the consequences of a concerned with fears that data
cyber attack
The costs associated with cyber holders may misuse or improperly
attacks are escalating rapidly. The Henry next moved on to give some disclose the data they hold on their
DQWL YLUXV ÀUP 0F$IHH HVWLPDWHV WKHP advice as to how to deal with the customers. The implementation of the
at $600 billion annually, (0.8% of the consequences of a cyber attack. General Data Protection Regulation
global GDP), while Forbes is How a company reacts can (GDPR) is of course intended to deal
forecasting $6 trillion per year on materially affect the business with these issues.
average through 2021. Many major outcome. The basic principle is open, In his view CMOs have a pivotal role
incidents have collectively cost their honest and timely announcement of in dealing with the way the business
victims up to $1 billion, and even the problem and the steps being reacts to GDPR. They should be
single company costs can be in the taken to deal with it. concerned that the following matters
range of $10 million to $100 million, He cited LinkedIn (which lost 117 have been dealt with, either through
and sometimes more. million passwords and email the marketing department or that of
However, the fallout from the loss of addresses), Adobe and MumsNet as the CIO or CSIO:
personal data creates just as many examples of such communication. Of • Audit of data holdings
serious issues. For instance, Yahoo course, the cost to remedy the
suffered three major breaches problem was still incurred but &RQÀUPDWLRQ WKDW GDWD HQFU\SWLRQ
affecting the data of around two reputational damage was minimised. has been implemented, where
needed
billion accounts. As a result, its sale On the other hand both Yahoo and
price to Verizon was reduced by $4 $VKOH\ 0DGLVRQ VXIIHUHG VLJQLÀFDQW 5H FRQÀUPDWLRQ RI FRQWDFW
ELOOLRQ UHÁHFWLQJ D PDMRU GHFUHDVH LQ reputational damage by trying to preferences from customers
enterprise value. Talktalk, the mobile ignore the problem and hoping it • Audit of the methods used by the
phone company, lost the data for would go away. business to gather and record
150,000 users. As a result tens of It is essential to have a crisis customer permissions
thousands of customers went to other management plan prepared in • Audit of contracts with, and
suppliers. advance, so that it can be oversight of, third parties who
implemented quickly whenever
Preventing cyber attacks – the handle personal data collected by
technology necessary. Such a plan needs to the business
address all stakeholders, as well as
Henry said that cyber intrusions are keeping the general public informed The implementation of GDPR will
inevitable, but this did not mean if a public service provider is involved. UHTXLUH PDQ\ FRPSDQLHV WR UH
companies should give up and live in FRQÀUP WKH SHUPLVVLRQV DQG
fear. Eighty to 90% of cyber attacks Cyber security and the CMO preferences of their customers and
could be prevented by relatively Finally, Henry turned to consider the potential customers whose data they
simple and cheap measures. He gave particular duties of the CMO in the hold. Henry made the point that this
the following pieces of advice, simple ÀHOG RI F\EHU VHFXULW\ ZKLFK KH can be done in a positive manner,
to implement and important not just described as follows: reinforcing the image of the brand as
for business but for all of us as home • Help identify key stakeholders one that cares about customers’
users as well: 8QGHUVWDQG EUDQG VSHFLÀF ULVNV data.
1. Always apply patches and • Engage in Business Continuity Plans You can read full notes on Henry’s
updates to your operating system lecture and some further comments
and other software as soon as they • Oversee the design and on it from me in my Master’s Blog Two.
become available. implementation of the Crisis You can also read a full discussion of
Management Plan. GDPR and privacy issues in my
0DNH VXUH \RXU ÀUHZDOO LV WXUQHG RQ
Henry concluded by commenting Master’s Blog 3. Both Blogs are
,QVWDOO DQ DSSURSULDWH DQWL YLUXV that in order to discharge their available on the Marketors’ website
program. responsibilities, CMOs need to work at http://marketors.org in the News
For larger systems there are of course with all members of the C–Suite, and Section.
18 marketors.org WORSHIPFUL COMPANY of MARKETORS
