How will tougher penalties for leaks affect

[tanjimajuha20]

According to Alexey Parfentyev, insiders account for up to 80% of incidents related to data leaks: "According to our research, on average, eight out of 10 cases are leaks due to the fault of an internal violator, an insider. Most often, line employees are involved in information security incidents - in 2022, they accounted for 73% of all violations. The main motivation of insiders is related to personal gain. Although in 2022, a third of the companies we surveyed faced an increase in external attacks, usually from hacktivists."

"There are practically no purely italy whatsapp number database external attacks - there is always an internal "accomplice": either a programmer wrote vulnerable functions, or an administrator was negligent in setting up and updating software, or an employee fell for phishing. If we call external incidents any hacks where company employees were not directly involved, then such incidents account for approximately half," says Rustem Khairutdinov.


According to Vladimir Ulyanov, the increase in fines will have little effect on leak situations, primarily due to the difficulty of identifying the culprits: "The increase in fines will have some effect, but it should not be overestimated. After all, there are grounds for holding those responsible for leaking information accountable. And do not think that after the change in legislation the process will become simple. It will still be necessary to collect evidence. Therefore, in this case, it is more likely to be a psychological effect. Some insiders will abandon their intention to steal data or will act more carefully."

According to Maxim Akimov, the impact of increased liability will be different for small and medium businesses, on the one hand, and large businesses, on the other: "The threat of punitive measures, such as fines and imprisonment, is intended to stimulate more responsible handling of information and its protection. In large companies, the risk of high fines may prompt management to revise upward the budget allocated for information security. Thus, cyber protection of critical infrastructure and customer services will be strengthened. But for small and medium businesses, it will most likely simply add problems and risks."

"The increase in fines will have a fairly quick impact on the situation with data leaks. Because now they do not motivate anything: paying a fine of several tens of thousands of rubles is many times cheaper than building a reliable information security system. The implementation of protection tools, their maintenance and payment of a specialist's salaries require considerable budgets. A significant increase in fines for data leaks motivates companies to calculate the risks and allocate funds for information protection," Alexey Parfentyev is sure. "However, we must be extremely careful with the introduction of criminal liability. Because it would be absolutely wrong if, due to discrepancies in the legislation, even one innocent person suffers, who accidentally sent data to the wrong place, made a mistake with the access settings to them, etc. Criminal liability should only apply to situations where a group of people in collusion and on a regular basis committed crimes."

Director of Services at RooX LLC Egor Lednev is confident that the increase in fines will force companies to put their data management in order and take up cyber risk insurance: "The threat of introducing turnover fines for leaks of clients' personal data will become one of the factors stimulating businesses to migrate to safer and more reliable information security systems and develop them. Thus, many companies continued to violate Federal Law No. 152 before the bill, and the planned innovations will spur them to quickly assemble teams and switch to domestic software. In addition, the initiative to introduce turnover fines has created a new item in business expenses on information security - cyber insurance, including against personal data leaks. Companies are beginning to take an interest in this service and gradually use it. According to one survey, in 2022, 6% of Russian companies insured cyber risks and another 21% planned to use this service."

However, according to Rustem Khairutdinov and Igor Fitz, increasing liability will not affect the frequency