UK: Will Your Business Infrastructure Ride The Wave Of Digitalisation?

Last Updated: 30 August 2018
Article by Sally Mewies

As advances in digital technologies continue to transform business infrastructure and service delivery, there are exciting opportunities for innovation and growth. But with change comes challenge, and the increased demands on physical and virtual connectivity can leave many businesses exposed to risk.

Research from Gowling WLG's Digital Risk Calculator highlights that UK businesses are less aware of digital risks than their European counterparts. Of those identified across all countries surveyed, 69% revealed cyber risks to be their biggest area of concern. The second proved to be risks related to the security of highly sensitive/valuable data (55%). Both are issues that could adversely impact the infrastructure assets and networks of a business, as well as bring financial and reputational costs.

Infrastructure risks also scored highly in their own right, with more than a third of those surveyed (36%) considering it a concern. But when we talk of infrastructure, it's not only the fixed networks and assets we are referring to here. More broadly, it also applies to the associated data and information that this can reveal.

The question for small and medium-sized enterprises (SME's) is how well-equipped are they to operate in this fast-changing environment and stay resilient to digital threats?

Future-proofing your infrastructure networks

The first step to future-proofing your business is about becoming 'risk conscious' and understanding where there are potential stress points. Ideally any risk review needs to analyse not only how your business is operating now but also how it is likely to evolve in the short to medium term. Based on this insight a forward plan can then be put in place, which addresses a number of priorities:

Review and/or refresh existing policies, procedures, checklists and systems.

Despite the identification of data risks in our survey, for example, only 52% of UK businesses confirmed they carry out regular data back-ups, compared to 66% in Germany and 67% in France. In addition, only 32% of UK businesses and 39% of businesses in Germany use off-site storage for sensitive data, compared to 50% of those in France.

Putting a robust, secure digital infrastructure in place will help to address these types of risks and provide resilience in the face of any threats. At the same time, it also offers wider advantages: ensuring data is turned into actionable information; generating efficiencies in handling large volumes of data; addressing network and connection problems; and implementing governance around digital activity.

Monitor and respond to evolving regulation and guidance in this area

Notable wide ranging external cyber-attacks such as the Wannacry and Petya hacks reinforce the real and immediate threat of cyber-crime to all organisations and businesses. This is reinforced by findings in the recent British Chamber of Commerce Digital Economy Survey and the Department for Culture Media & Sport (DCMS) Cyber Security Breaches Survey. Here, a key headline is that one in five businesses has been a victim of cyber-crime in the past year.

Prevention is the key to ensuring a business and its reputation is well protected. Taking steps to ensure all departments are briefed on the importance of customer security will help to ensure a unified approach. It is also important to stay on top of the latest developments in encryption methods, limit those who have access to customer data, establish clear policies around notification of lost/stolen devices, and create several layers of online security.

Underlying all this is the need to comply with the law. Those who are found lacking will expose themselves to potential regulatory fines and civil claims for damages and even potential criminal sanctions, as well as the associated business costs in time, profit, and reputation.

The General Data Protection Regulation (GDPR) which came into force in the UK in May 2018 highlights the constantly changing legislative environment. GDPR directly impacts the way personal data is stored and processed, and creates an environment in which greater transparency on how data is protected and stored is required. In preparation, businesses should have reviewed their data storage processes and policies, carried out risk assessments, scenario plan and develop appropriate controls.

Embed a security-minded approach to infrastructure delivery, operation and management

The importance of becoming 'risk conscious' cannot be underestimated. In a world where security threats and vulnerabilities are ever-changing, business owners and staff need to remain vigilant. Finding ways to create a security-minded culture within an organisation will pay dividends and help build resilience within an organisation's infrastructure. This demands clear leadership and understanding of the practical implications of failure.

If we recognise that the most common types of breaches can be linked to human factors - such as unwittingly clicking on a malicious link - then investing in staff awareness and training becomes a priority. As more people have access to greater amounts of data, there is a greater risk of accidental or inappropriate information sharing. This is particularly true in certain core sectors of the economy such as energy and transport, where the management of major infrastructure projects can involve large supply chains.

The introduction of the National Information Security Rules (NIS) in May 2018, alongside GDPR acts to further tighten up standards in this area. Its aim is to increase the overall level of cyber security in the EU.

Engage senior management

According to the DCMS Cyber Security Breaches Survey, 74% of UK businesses identify cyber security as a high priority for their senior management. It demonstrates that where the leadership of a business is engaged, then the issues of information security and infrastructure risks are given greater focus and investment. This in turn drips down through the organisational culture and helps to ensure a pro-active approach to managing digital risks.

Consider cyber security risks outside the business.

While many businesses may have concerns about suppliers' cyber security, our Digital Risk survey data also suggests that too few do anything about it.

When consumers buy into a product or service they are often engaging with a large network of organisations as part of a complex supply chain - not just a single provider. At the same time, they are also more commercially savvy and will think with their feet should a provider's reputation for data security be adversely impacted. Hence it's important that all component parts of the supply chain adhere to the same processes, strategies and standards when it comes to managing digital risk.

At the point of contracting with new suppliers and expanding your supply chain, insist they adhere to specific cyber security standards or codes of good practice. Doing so will demonstrate reliability to their business clients and an understanding of the need to protect their client's interests. Existing suppliers should be regularly audited to ensure ongoing compliance.

Bringing your strategy to life

The priorities we have covered here all form part of any effective digital risk strategy and will help to ensure your infrastructure is resilient to digital risks. But while points of compliance remain standard, the detail of the type of risks each business faces and how it needs to respond will differ. Those that respond to the challenges successfully are where issues such as cyber-security are prioritised right at the top, and where the whole organisation brings their chosen strategy to life.

For more guidance, visit our earlier insights on understanding your digital risks and implementing the Cyber Security Directive. The National Cyber Security Centre has also outlined practical steps organisations can take to improve their cyber security with its '10 steps to cyber security guidance'.

Another, helpful source is our Digital Risk Calculator. Take a look to identify your business' top five digital risks, and calculate your overall digital risk rating. This new free tool allows small and medium-sized businesses to better understand their digital risks and compare these to other businesses and industries.

Will Your Business Infrastructure Ride The Wave Of Digitalisation?

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
Gowling WLG
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Gowling WLG
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions