Carol A.F. Umhoefer and Alaa Salaheldin of DLA Piper write:
Global companies face increased pressure to adopt strong cyber risk mitigation measures in today’s rapidly evolving cyber threat-heavy business environment. According to security company PurpleSec LLC, in 2020 alone, cybercrime is reported to have increased by up to 600% as a result of new incentives and opportunities for hackers – including many more remote work environments – in the COVID-19 pandemic. Notably, ransomware and phishing attacks have become increasingly common.
Where a cyberattack materializes into a loss of personal information, theft of intellectual property, or a business disruption, a company may be subject to significant legal, business, and reputational costs. For example, in 2020, the average cost of a single ransomware attack was reported to exceed $130,000, the average ransom payment made by large companies was $780,000, and the average business downtime caused by a successful ransomware attack increased by 200% (see PurpleSec: 2020 Ransomware Statistics, Data, & Trends).
But one of the measures designed to prevent, detect and manage cyberattacks – network monitoring – can involve continuous surveillance and processing of employee personal information, setting IT security and data privacy rights on a collision course. Consequently, when approaching cyber risk mitigation, it is important that companies consider data privacy and employee network monitoring laws in all jurisdictions in which they operate.
Read more on Privacy Matters.