In light of the most recent breach making headlines – concerning mobile provider Three – an interesting question comes to mind: does it really matter what data is accessed during a successful cyber-attack?
While no financial information appears to have been stolen on this occasion, the potential theft of personal data such as names and addresses will be no less distressing to Three’s customers. Indeed, a recent Thales survey suggested that only 16 per cent of consumers would continue to use a brand’s products or services in the wake of a data breach. In today’s “digital-first” society, so much of our personal information is held by retailers, financial institutions and, in this case, mobile operators; and information of this sort is very attractive and valuable to cybercriminals.
Attacks such as this clearly highlight the urgent need for more secure protection – of customer data and brand reputation. The implementation of effective encryption and security controls, placed around customer data to prevent and minimise damage from breaches such as this, is an absolute necessity. More than that, though, firms today must show a willingness to go further than to protect the bare minimum of regulated financial data. Cyber criminals can use all sorts of personal information to get inside people's digital lives and cause havoc.
What we are increasingly seeing is a move to encrypt everything in order to mitigate risk. Although we may be becoming sanitised to breaches occurring, they are not causing any less grief. Around this time last year the TalkTalk breach came to light, which ultimately cost the company many, many customers and millions of pounds, let alone brand damage. Last week Tesco Bank made headlines for all the wrong reasons, and now Three has become the latest brand to have to deal with the fallout.
The question on many people’s mind is; who is next? And I wonder to what extent the public be accepting, regardless of whatever data is stolen.