The Risk Coalition

Data and digital risk prevention: a business risk and a business opportunity

April 12, 2023

We all know that data breaches and digital controversies can damage a brand and be detrimental to company valuation. Yet somehow it’s common to behave as though immune to this, protected by invisibility, and likely to rebound unaffected.

Conversely, company valuation increases when an organisation demonstrates leadership among peers, differentiates itself from competitors, and proves its ability to stabilise and strengthen business ecosystem resilience.

Poorly managed data creates diverse risks that, if unchecked, have a significant negative effect on an organisation. The impact of breaches can be severe as a result of fines and penalties, recovery, financial and reputational costs, and other compliance challenges. Organisations need to be vigilant to ensure the safety of their data and thereby also the continued success of their business.

Various means to do this exist, including ensuring contract terms incorporate data protection laws, using encryption services and malware scanners, auditing data security procedures on a regular basis, providing data protection training, and maintaining adequate access management protocols. Indeed, 80% of data breaches are caused by internal actions of employees, which demands inside-out risk mitigation.

To stay ahead of the curve, identifying emerging threats and solutions, you need to understand which state-of-the-art data security and privacy technologies can help. Above all, taking appropriate pre-emptive steps to protect data minimises risks and creates a safer, more secure environment for all stakeholders involved.

Frequently, data risks associated with a global contract population include non- or poor performance, financial loss from expired auto-renewed contracts, data breaches, cyber threats, litigation, class actions and lack of privacy compliance. Risks are compounded by varying data linked to contracts (SOWs, addendums, superseded versions of originating contracts), and by varied or weak processes, including disparate or insecure user accessibility. This increases complexity and data risk by as much as 100%.

Examples of where inadequate safeguarding causes data privacy breaches include:

  • Data leaks due to immaturity of storage security and protection measures – contracts with third-party software and IT providers must be negotiated jointly with a multi-disciplinary team of experts (comprising IT, Legal, Information Security, Tech Innovation, Compliance, and Business users)

  • Data retention practices and policies being inaccurate or incomplete – this results in data being hoarded to err on the side of caution, and the problem of data protection compliance grows (principles of minimisation, for example)

  • With retention comes defensible deletion – poorly managed data deletion requests or failing to comply with protection regulations can incur severe regulatory penalties that far outweigh the cost of mitigating effectively

  • Data deletion requests can have a major impact – they can blow budgets due to handling and processing inefficiencies (missed deadlines, costly delays due to manual legal review processes)

  • Poor understanding of data locations and ownership in the IT infrastructure – this can cause exposure to potential data breaches

  • Sustained, adequate training for GC, DPO, and Info Sec teams is vital – this avoids the risk of enforcement actions and increased scrutiny from the ICO (and those Regulators that the ICO formally confers with, such as the FCA) due to non-compliance

  • Any large number of disparate, siloed systems and data sources – these increase the complexity of structured and unstructured data, and the risks spiral.

Siloed working is perhaps the greatest risk of all in relation to data risk management. This is common for those working within large corporates. Digital Risk Experts counteracted this by forming the concept of a Digital Risk Committee (DRC), which delivers real benefit inside client organisations.

DRCs bring together an internal multi-disciplinary team (efficiently bridging legal, IT, compliance, finance, HR, marketing) to enable the business to alleviate siloed working, overcome poorly instructed and expensive third-party services, and better manage past and current risks, as well as envisage the future of the business using multiple sources of insight.

Steve Sanders (steve.sanders@businessgrowthmechanics.com) is a strategy advisor, author of ‘Five Horizons’ and a business growth mechanic. Steve says: “Strategic resilience may also target new sources of competitive advantage and grow company valuation, by becoming a champion of such stakeholder priorities.”

Lisa Burton (lisa@digitalriskexperts.co.uk) is CEO of Digital Risk Experts, digital risk advisors to legal and digital professionals. Lisa says: “Establishing the Digital Risk Committee and a manifesto required to drive real value and operational results is fundamental to any differentiating resilience strategy.”

Tags: Steve Sanders, Lisa Burton