As part of Reed Smith’s webinar series on crisis management, on Wednesday 6 November 2019, partners Tom Webley, Philip Thomas and John M. McIntyre delivered a webinar to clients on data breaches, cyber attacks, and potential responses to such incidents. This article focuses on the key themes arising out of the webinar and serves as a summary of the key takeaways. In case you missed this webinar, the recording is available at reedsmith.com.
What is the difference between a data breach and cyber-attack?
- A data breach is a security incident where personal data is accessed without authorization. In general, data breaches are also personal data breaches and may be accidental or deliberate.
- A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss or alteration of, or unauthorized disclosure of or access to, personal data that is transmitted, stored or otherwise processed. Examples include lost devices and documents, misdelivered messages, unencrypted email transmissions containing personal data and disposal of documents in a non-compliant manner (e.g., without shredding first).
- A cyber attack is broader than a data breach, is deliberate and can be more disrupting to business. Examples include malware attacks, which can affect all business units, such as the NotPetya attack, which is estimated to have cost an international shipping company $200 million – $300 million.