Experts want organizations to comply with cybersecurity legislation
THE STRICT ADHERENCE to cyber legislation by different organizations will increase the level of transparency, giving individuals greater control over how their data is used, and ensuring mandatory disclosure of any breaches, experts have said.
They said it has become critical for organizations that process personal information of employees, customers or other juristic persons (companies, trusts and so on) to implement organization-wide privacy initiatives in order to comply with the conditions of the legislation.
Some of the legislation stipulates that companies could face fines of up to 20 million euros, or four percent of annual turnover, which shows the gravity of the issue for large businesses in particular.
In a survey by RSA, a leading cybersecurity firm, the majority of consumers (57 percent) have no idea how many times their personal data may have been placed at risk, given the flood of headline-grabbing cyber-security breaches over recent months.
According to experts, organizations must comply with legislation, as failure to disclose data breaches remains one of the fundamental issues compounding the problems of cybercrime. Disclosing breaches within a specific, reasonable timeframe could play a remedial role in solving cybersecurity issues.
“Consumers are becoming increasingly aware and sensitive about how their service providers use their personal data, and for those organizations that suffer high-profile data breaches, there is a very real possibility that customers will ‘vote with their feet’,” said Anton Jacobsz, managing director at Networks Unlimited Africa, a value-added distributor.
According to Jacobsz, the risks of data breaches for both local and international companies are enormous and include ruining an organization’s reputation, destroying customer trust, and exposing them to heavy regulatory penalties. “To cater for such broad-reaching compliance requirements, organizations must address cybersecurity and data protection at an overall enterprise level,” he adds.
Jacobsz said there is a new law that will ensure any and all data breaches are disclosed within a 72-hour period, especially for businesses operating in the European Union (EU) or even for local businesses that provide services to EU citizens.
Rex Mafiana, CEO at FPG Technologies, told business a.m. that many of the companies in Nigeria get hacked, especially the financial institutions, but do not make it public as there are no laws that compel them to do so.
“Banks in Nigeria will never disclose that they have been hacked, but many of these things happen. No bank will want to lose their customers; once they make it known that they have been breached, the confidence level amongst customers will definitely drop,” said Mafiana.
He said if there was any form of legislation that compels companies to disclose breaches in the country, issues of cybercrime would be minimal, adding that the present Nigeria Cybercrime Act 2015 does not make any provision for punishment for non-disclosure of breaches.