Unfortunately, many businesses are still struggling to understand just how valuable digital assets are. This may not seem like an immediate priority, but disappearing digital assets now present a significant risk to many businesses.
According to Forrester, a failure to recognise the importance of digital preservation and information governance is opening businesses up to significant risk.
This stems from a few issues. First, there is a common misunderstanding of what digital assets are and the digital information associated with them. Though not an exhaustive list, these often include critical assets like:
• All digital communications
• Customer data
• Internal documentation, such as business plans and strategies
• Intellectual property
• Brand assets such as artwork
• Marketing content
• Contracts and agreements
• Any and all internal business documentation
Now, we’re not saying businesses are totally ignorant to the value of these kinds of assets, largely because demand for cybersecurity means the global industry is expected to be worth $248.26bn by 2023. However, what is often overlooked is the long-term considerations of how this data is vulnerable to being lost.
Things like link rot (a visitor clicking a broken link), vendor abandonment and obsolete storage formats are all factors in the long-term preservation and protection of these digital assets. The National Archives have long identified the inherent risks in losing digital content and in their article here, providing great pointers on how businesses can develop their own digital preservation strategy and policy.
As businesses will have more immediate concerns to occupy their time and budgets with, the risk of leaving these digital assets unprotected can be compounded by time. In particular, firms are vulnerable in three key areas:
The stewardship of data, and governance of a digital presence, are now highly regulated responsibilities which means preservation of digital assets is more than just following best practice. It’s law, and several regulated firms have fallen foul of this at significant expense. Within financial services for instance, the FCA has handed out several large fines to firms that have failed to safeguard their digital assets.
In 2019, Goldman Sachs was handed a fine of £34.3m for failing to make adequate transaction reports, therefore falling short of transparency and digital record requirements. And in 2018, Tesco was fined £16.4m by the regulator for a breach where thousands of personal details were lost in a cyber-attack. This kind of regulatory focus on digital assets isn’t exclusive to financial services, with the GDPR raising standards for all businesses on how they gather and protect data. Under the GDPR, fines can be up to €20m (or equivalent in sterling) or 4% of the business's total annual worldwide turnover in the preceding financial year. Or, worryingly, whichever is higher!
Teleware found that 40% of financial services firms are at risk of being fined up to €5 million for failing to comply with record keeping rules under MiFID II, largely due to the fact that firms have insufficient technology and processes in place to record and capture real-time communications.
Poor digital conduct
Thinking back to physical assets, imagine a business based out of a warehouse. This warehouse is the business’s property along with the stock contained within it. To protect this, the business will have insurance in place, security onsite to regularly patrol the property and all employees will be made aware of the value of protecting these assets. Unfortunately, the same cannot be said for digital assets.
There is a lack of understanding when it comes to the level of governance and conduct required around digital assets. According to a recent survey by Deloitte, 12% of businesses surveyed said it was not clearly defined who in their company was responsible for taking ownership of digital risk. And, more specifically, only 13% of respondents had clearly defined the risk their businesses faced as part of digital transformation (with 46% admitting they had made no progress on this front). Ensuring conduct and processes support digital preservation are top priorities.
Sometimes, the most valuable thing a business will own is their brand. And although businesses will protect this by filing for trademark protection, lacking evidence to support this can be costly in the long-term. If a business says it has ownership of a valued trademark, but another party also claims this, then a dispute is created – the kind that can sometimes only be solved by providing records (of digital marketing materials, branded content, communications etc).
Trademark infringement is extremely serious and, aside from compromising brand value, it can result in expensive litigation. In the UK, trademark infringement cases can be taken to the high court where there is no limit to the damages that can be awarded in these cases. The court can also order the losing party to pay 60-70% of costs incurred from the litigation (as well as those of the court that can go up to £10,000). If the court finds that there has been damage to goodwill and reputation, which cannot be as easily quantified, damages can be even higher.
What can go wrong?
According to a recent RSA white paper, the majority of business owners see digital risk as impacting their financial performance. Insuring a business and protecting it against physical threats (as well as from the competition), may come naturally to many business owners but the importance of digital assets is still yet to be fully comprehended.
Ignoring this could be costly. If a business was to lose some valuable digital assets in the future (for instance, expensive marketing materials, branded designs or customer communications) then this could have a direct impact on CX and services. To put this into context, if you’re a CX programme lead then you’re likely to create customer journey maps and strategies which are valuable to the business. Ensuring there’s a record available to refer back to - but also to ensure they don’t trip up – could be crucial.
This also feeds directly into digital conduct. Within investing, regulated providers have to ensure they signpost risks clearly enough for whenever investors are able to make their own decisions. Therefore, these firms must have thorough processes in place to ensure they are monitoring investors’ journeys including knowing how and when to intervene if an investor may be taking on too much risk (for example, by clicking through T&Cs too speedily). If an investor was to proceed uninhibited and buy into a product that wasn’t right for them, then they could have a legitimate complaint against that firm.
Digital conduct can dictate how internal resources are allocated. Many firms may have an insight function, who is responsible for helping a business understand more about itself and to help identify digital assets that may be at risk. As well as training people to support preservation strategies, having someone who can theoretically stress test these in the long-term could help make the difference.
|Digital asset||What is it||The risks this asset could face|
As well as including webpage copy, this can also encompass blogs, downloadable guides, videos, banners, forms, podcasts and live chat text.
This kind of content can communicate vital information about your business and contain valuable branding materials and trademarks.
As the public-facing presence of your business, web content can be extremely vulnerable to all sorts of risk. As well as the well-known dangers of cyber-attacks and hacktivism, the fact your brands are out in the public domain means they could be subject to trademark infringement.
With so much value tied up in this content, if these digital assets were to be compromised then the business could suffer as a result. If web records along with marketing content was lost, then your firm is likely to be at risk of non-compliance with record-keeping requirements. Plus, future marketing teams could suffer as a result of not having this content to refer back to for new campaigns. If someone lodged a baseless complaint against a hotel booking website for instance, claiming they didn't list all the T&Cs and the company had no way of proving or disproving this, then unfortunately they would find it extremely difficult to defend themselves.
|Online financial promotions||
Specifically for financial services, a financial promotion is classified as “An invitation/inducement to engage in investment activity communicated in the course of business".
In an online context, this could be a blog, video or even a firm's website.
With consumer protection at stake, the FCA is extremely vigilant in ensuring regulated firms are not leading people astray with their financial promotions. Under the regulations, financial promotions have to be "clear, fair and not misleading".
Being able to prove this is critical. While a firm's marketing department should ensure the collateral they produce is compliant, evidencing this could be vital down the line. Upon request, a regulated firm should be able to point back to its website at any point in time and show all its digital content is clear, fair and not misleading. If not, they could face serious fines and potentially significant reputational harm.
|Key internal documents||
These can vary from business to business but will typically mean company forecasts, strategy documents and essentially anything critical to internal functions.
This could also mean documents specific to certain teams such as marketing plans, analyses etc.
This kind of material can obviously contain commercially sensitive information and be targeted by cyber-attacks and the use of ransomware. If stolen, this kind of information could be used for insider trading, blackmail or simply sold to the highest bidder.
Especially within financial services, there are several requirements for regulated firms to display and disclose certain information on their websites. For example, with PRIIPs there is a requirement to publish updated
As explained under GDPR, the customer data to protect is "any information which are related to an identified or identifiable natural person."
Essentially, this means anything that can identify them (such as name, age, address, bank account data etc).
Customer data is extremely valuable and people are willing to do a lot of things to steal it. This is why large-scale data breaches have become so prevalent, as criminals realise customer data a business holds is worth more than most physical assets.
As well as the risk of losing peoples' personal data, firms can then be open to serious GDPR fines (see above) and reputational risk. If you were to lose consumers' data, it is also likely they will lose a lot of trust and not give you their business again.
Safeguarding digital assets is something businesses cannot ignore. These need to be protected against cyber-attacks, trademark infringement and – ultimately – time. Failure to do so could be extremely costly to a business, resulting in fines, litigation costs and generally lost value. Unfortunately, the true cost of lost digital assets may only become clear in the future when 20/20 hindsight means people realise more should have been in the moment to support preservation.
Therefore, more needs to be done in the present and digital archiving is quickly becoming recognised as the solution of choice. With digital archiving, intelligent ‘crawl’ technology can scour an entire website to create a living, breathing archive of a website and its digital assets that can be referred to whenever needed. These archives can be searched, are time-stamped and tamperproof which means they are legally admissible for compliance purposes (and can be easily used for future legacy and branding decisions).
At MirrorWeb, our archiving platform is the solution of choice for a wide range of brands, financial services firms and public bodies. To see how the MirrorWeb Platform works, contact the team below to schedule a free demo!