Interesting article in The Times featuring the recent DLA Piper survey on data breaches and associated fines.  This clearly shows the impact that the GDPR is having in driving both the quantity of incidents being reported and the level of financial penalties being employed.

I cannot agree more with the quote from Ross McKean at DLA Piper in that: “We are still in the early days of enforcement [and] We expect to see momentum build.” This is an issue that is becoming increasingly at the forefront of senior management's minds, regardless of industry or maturity of the firm.

Equally, we are seeing this become an increasingly important feature in transactions, where both buyers and sellers are focusing more on cyber risk during due diligence exercises as well as post-deal activities. Key to these concerns is a focus not just on the technical measures but, more importantly, on the human controls and how risk is identified, managed and mitigated within an organisation. Any investment in cyber security needs to be fully assessed on how it helps management mitigate business risk in a cyber context, rather than treated as a simple technology purchasing decision.

Cyber and data risk is not an issue that is suddenly going to be "solved"; companies therefore need to get comfortable with the level of risk they face and how best to mitigate those risks.