We live in a world where small businesses are collectively subject to almost 10,000 cyber-attacks a day, yet many are not prepared to respond to an attack.
This is why it’s vital we all take time to consider what might happen in risk management and cyber security during 2020.
We’re all in this together, so here are our six predictions for likely impacts on your business this coming year, whether you’re a solopreneur or part of a large corporate.
1. GDPR – it isn’t going away
In 2018, businesses hurried to get their GDPR eggs in the right baskets, but that doesn’t mean a blind eye can now be turned on this legislation.
As 2020 kicks off, we’re expecting more fines to be issued following high-profile data breaches that occurred in 2019. We also expect that the numbers of breach notifications made to the Information Commissioner’s Office (ICO) will continue to increase.
Across our client base in 2019 we’ve seen an increase in the number of data access requests and a general increase in the number of data subjects exercising their rights. We help our clients to respond to such requests but the numbers of complaints that the ICO received in 2019 reveal that not all organisations are as prepared. We’re expecting this number to continue to increase in 2020, and for the ICO to continue to investigate and potentially fine those organisations who fail to appropriately respond. This proves that the GDPR is far more than red tape and empty threats from the ICO.
2. The result of big claims
There are some big group claims for compensation of data loss going through the courts at the moment. Most notably, there are actions against Morrisons and British Airways, and we’ll see the culmination of the claims during 2020. These will provide the benchmark for compensations for individuals.
It’ll therefore be a bad year for headlines if you’re at the helm of those companies, and there are doubtless other cases waiting in the wings.
3. Greater scrutiny of supply chains
There’s little point in getting your own GDPR house in order if you don’t pay attention to the rest of your supply chain.
It’s vital that every element of a supply chain treats data with the same level of respect. In 2020, we expect to see a tighter focus on and scrutiny of data security, privacy and resilience across supply chains. In particular, there will likely be a greater requirement for certification (for instance, ISO9001, ISO27001 and the very exciting, new ISO27701). In order to best help our clients, we plan to be one of the first organisations to certify to ISO27701, continuing our ethos of doing ourselves exactly what we would recommend to clients.
Away from data, we forecast that there will be increased focus on the environmental integrity of organisations. Aside from being ‘the right thing to do’, we believe this additional scrutiny follows the media coverage of influencers such as Extinction Rebellion, Greta Thunberg and, of course, the campaign against single use plastics. We’ve already seen an increase in the number of procurement questionnaires asking for environmental policies and statements.
‘Uncertainty’ is a word that has been used constantly during 2019 thanks to Brexit, and the political climate is in constant flux.
Whilst the last few days have delivered more confidence in the outcomes of the Brexit debate, we’re not out of the woods yet. In 2020, the continued uncertainty surrounding exit negotiations of Brexit and the decisions that will be made by the new government are likely to be compounded by other political movements in the US and China. Add the looming US presidential election and it’s hard to predict the ripple effect of global risk here in the UK.
5. The skills gap
There’s no escaping the fact we still have a significant shortage across many sectors, especially digital skills and cybersecurity. There are concerns that should our economy grow, there will be insufficient skills to meet demand. We need to think of new ways to solve skills shortages including a greater emphasis on flexible and remote working, retraining and further expansion of apprentice schemes.
We hope this will improve in 2020, but there’s a very real chance it will get worse if Brexit plans for immigration are not quickly realised and/or continued economic uncertainty further stagnates the market.
Finally, we see that the introduction of new rules from HMRC for subcontractors caused by the expansion of IR35 could have a detrimental impact on the availability of skills for short term projects, further compounding the issue.
6. Windows 7 end of life
Still using Windows 7 at work or home? 2020 is the year Microsoft will withdraw support for that particular operating system, making it vulnerable to cyber-attacks.
With so many organisations still relying on Windows 7 to drive key elements of their business, this is a considerable threat and one which needs addressing quickly. IT consultants will therefore probably earn their keep next year, but if you’re likely to be affected, now is the time to take action.
So, which of the above are you ready for? Which concern you? Where do you see opportunities to learn and grow when it comes to cyber security?
Of course, we don’t want to be all doom and gloom. For many businesses, some of the areas above could represent opportunity. We would encourage everyone to take five minutes to think about whether these could have an impact. If the answer is a ‘yes’ or a ‘maybe’ then good risk management is simply a question of thinking how you should respond now. Looking back at our predictions for this year, we were pretty close to the mark! As my old granny used to say, ‘a stitch in time saves nine’.
We’d love to know your thoughts for 2020!
If you have any questions about risk management or cyber security in 2020, or you’d like some help with your preparation, please get in touch with our helpful team.