The importance of protecting your firm's digital assets
March 26, 2020 • 7 min read
Unfortunately, many businesses are still struggling to understand just how value they are are at risk at losing if they fail to protect their digital assets.
Digital assets - including branded materials, web content, digital communications, customer data - mean a huge amount of value for businesses today. But unfortunately they can be easily lost or compromised in several ways.
One inevitable risk they face is time.
Things like link rot (a visitor clicking a broken link), vendor abandonment and obsolete storage formats are all factors in the long-term preservation and protection of these digital assets. It's easy to overlook this (how many USBs are gathering dust in your desk drawer right now?) but this is a very real and serious issue for businesses.
“People think data bits are these ethereal things in cyberspace that will last forever, but they’re not and they’re based on physical media which decays. I’m worried the information contained in these will be gone as we don’t have a systematic way of ensuring the digital information we create will be readable 100 years from now. That’s why I’m worried about a digital dark age.” - Vint Cerf, Vice President of Google and one of the original developers of the internet.
Unfortunately, there are other and more immediate ways businesses could be at risk of losing their digital assets:
The stewardship of data, and governance of a digital presence, are now highly regulated responsibilities which means preservation of digital assets is more than just following best practice.
It’s law, and several regulated firms have fallen foul of this at significant expense. For example in 2019, Goldman Sachs was handed a fine of £34.3m for failing to make adequate transaction reports, therefore falling short of transparency and digital record requirements.
Data regulation came front and centre for a lot of businesses a couple of years ago with the GDPR. This EU-wide regulation has changed the way businesses think about data and how they use it, by bringing in comprehensive rules and new punishments.
Fines can be up to €20m (or equivalent in sterling) or 4% of the business's total annual worldwide turnover in the preceding financial year. Or, worryingly, whichever is higher!
Up to 40% of financial services firms are at risk of being fined up to €5m for failing to comply with recordkeeping rules under MiFID _II
Poor digital conduct
Thinking back to physical assets, imagine a business based out of a warehouse. This warehouse is the business’s property along with the stock contained within it. To protect this, the business will have insurance in place, security onsite to regularly patrol the property and all employees will be made aware of the value of protecting these assets.
Unfortunately, the same cannot be said for digital assets.
There is simply a lack of understanding when it comes to the level of governance and conduct required to safeguard digital assets. According to a recent survey by Deloitte, 12% of businesses surveyed said it was not clearly defined who in their company was responsible for taking ownership of digital risk.
Only 13% of respondents had clearly defined the risk their businesses faced as part of digital transformation (with 46% admitting they had made no progress on this front).
Sometimes, the most valuable thing a business will own is their brand.
If a business says it has ownership of a valued trademark, but another party also claims this, then a dispute is created – the kind that can sometimes only be solved by providing records (of digital marketing materials, branded content, communications etc).
Trademark infringement is extremely serious and, aside from compromising brand value, it can result in expensive litigation. In the UK, trademark infringement cases can be taken to the high court where there is no limit to the damages that can be awarded in these cases.
The court can also order the losing party to pay 60-70% of costs incurred from the litigation (as well as those of the court that can go up to £10,000). If the court finds that there has been damage to goodwill and reputation, damages can be even higher.
What can go wrong?
Below are just some of the ways different digital assets can be compromised. Consider which of these are involved in your business and the risks they may inadvertently be opening you to:
What is it
The risks this asset could face
As well as including webpage copy, this can also encompass blogs, downloadable guides, videos, banners, forms, podcasts and live chat text.
This kind of content can communicate vital information about your business and contain valuable branding materials and trademarks.
With so much value tied up in this content, if these digital assets were to be compromised (though human error of an admin, cyber attacks or trademark infringement) then the business could suffer as a result. If web records along with marketing content was lost, then your firm is likely to be at risk of non-compliance with record-keeping requirements.
Online financial promotions
A financial promotion is classified as “An invitation/inducement to engage in investment activity communicated in the course of business".
In an online context, this could be a blog, video or even a firm's website.
With consumer protection at stake, financial promotions have to be "clear, fair and not misleading".
Being able to prove this is critical. While a firm's marketing department should ensure the collateral they produce is compliant, evidencing this could be vital down the line. Upon request, a regulated firm should be able to point back to its website at any point in time and prove its digital content is clear, fair and not misleading.
Key internal documents
These can vary from business to business but will typically mean company forecasts, strategy documents and essentially anything critical to internal functions.
This could also mean documents specific to certain teams such as marketing plans, analyses etc.
This kind of material can obviously contain commercially sensitive information and be targeted by cyber-attacks and the use of ransomware.
If an investor made a complaint or claim against a firm, and the right documentation was found not to be displayed properly, the firm would be in breach of their requirements and could be in serious trouble.
As explained under GDPR, the customer data to protect is "any information which are related to an identified or identifiable natural person."
Essentially, this means anything that can identify them (such as name, age, address, bank account data etc).
Customer data is extremely valuable and people are willing to do a lot of things to steal it.
As well as the risk of losing peoples' personal data, firms can then be open to serious GDPR fines (see above) and reputational risk. If your business was to lose consumers' data, it is also likely they will lose trust and not give you their business again.
Preserving your assets through website archiving
Safeguarding digital assets is something businesses cannot ignore.
Failure to do so could be extremely costly to a business, resulting in fines, litigation costs and generally lost value. Therefore, more needs to be done in the present and digital archiving is quickly becoming recognised as the solution of choice. These are archives are:
- 100% accurate
- Record dynamic data
- Fully interactive
- Legally admissible
- Designed with compliance and digital preservation in mind