However, the European Union has proposed a new data protection Regulation in an attempt to mandate companies that process, store or transmit personal data to appropriately protect it. Failure to do so would, under the proposed Regulation, bring about this requirement, and also breached organizations would have to disclose breaches to the national supervisory authority (i.e. The ICO in the UK) and to notify each customer whose data was subject to the unauthorized access. Mandatory breach disclosure will mean that cyber risk will have a greater impact and visibility at the board level and could result in major loss of revenues, through bad publicity, loss of consumer confidence, and in the severe cases likely affecting the company share price.


As identified in the Cyber Security Strategy in 2011, there exists a present cyber security threat to UK businesses; which are continuously growing as we become more heavily reliant on the Internet to conduct business. It is time for those at the board level to realise that technology has increasingly become the heart of their business rather than something that aids it. Attacks on this technology have the potential to disrupt business operations permanently. As Iain Lobban, Director of GCHQ, points out “Value, Revenue and Credibility are at stake. Don’t let cyber security become the agenda – put it on the agenda.”