Cathay Pacific’s recent data breach (“Personal data of 9.4 million passengers of Cathay Pacific and subsidiary leaked, airlines say”, October 24) was an unpleasant shock for many of us. Suddenly, the phrase “not if, but when”, usually reserved for events with information security on the menu, took on a profound personal meaning for those affected.
This episode should be a wake-up call, reminding us that information security must not just confined to conferences attended by the big targets: finance and insurance.
First, we need to look at data protection as a cyber-risk problem, not a cybersecurity problem per se – and the two must not be mixed up. Second – and this is an uncomfortable truth – there is no such thing as complete security although there is an acceptable level of risk.
Most importantly, however, business leaders need to start paying attention to looking at a company’s cyber risk in terms of impact on customers, share price or reputation – and this applies to all companies, whether a supermarket chain or a food-delivery app.
No matter how small or simple the business, data protection must be a priority and the starting point is data…
