Digitalisation, connectivity and cyber security
Digitalisation, with the introduction of Artificial Intelligence (AI) and Internet of Things (IoT), rapidly transforms the global economy - but what will the greatest challenges be going forward?
The real-time connectivity through the introduction of the new 5G technology will be the basis for businesses to take the next step in their transformation towards "the 4th Industrial Revolution" or "Industry 4.0". Real-time connectivity creates opportunities for flexible and customized products and services such as IoT, self-driving cars, improved e-commerce, AI, digitalization in healthcare, and much more.
Aggregated consumer and user data will be a valuable asset for many companies and represent an important asset for AI-based solutions that require access to large sets of data. Companies operating in the chain of connected products and services will gain a unique direct advantage in terms of converting data into revenue as compared to other companies. Aggregated, non-personal data derived from these products and services will, in addition to the main business, become an important asset or source of revenue.
Large sets of aggregated user data will form the basis for product development as well as for the adaptation and profiling of products and services. Companies that do not have their own access to user data will be left behind unless they can otherwise access such information. This lays the foundation for a new market for data exchange where aggregated data will be a significant new commodity.
Needless to say, there will be risks for anyone holding large sets of data. The interest of third parties to illegally try to acquire access to such data will increase. This places greater demands on the fact that data can be handled, communicated and stored securely with minimal risk for third parties to access it.
An example where connectivity will be an important driver is for e-commerce. In an increasingly competitive e-commerce market, mobile connectivity creates a link to the logistics industry, enabling innovative online retailers to position themselves and be at the forefront of development. By linking to the logistics ecosystem, connectivity also provides the ability to track packages in real time, better control at packing centres, etc. Increased integration of connectivity and logistics in combination with other technologies such as artificial intelligence will enable the creation of more advanced products and services for the logistics industry.
As connectivity becomes increasingly important for products and services, increasing demands will be placed on the connection technology. Connected services must be highly reliable and higher safety requirements must be imposed on the entire chain.
There is concern about whether the industry can guarantee security and proper access to networks. The main reason is the considerable difference between the complexity of today's networks and 5G. Users’ Sim-cards will no longer be the main point of authorization, and traditional protocols will no longer be sufficient to stop intrusion. Much of the data processed in real time is currently completely unprotected and vulnerable to intrusion and influence from third parties. Given the large number of devices that will be connected to 5G, the security of each connected device will be paramount.
Many industries today have their own unique safety standards that they adhere to – there is therefore an urgent need to coordinate safety standards between manufacturers, network services, and users' connected devices.
In the past, cyber-attacks on industries and production facilities have been blocked with traditional network and client security, but there is much which suggests that increasingly tailored attacks on operational systems are being developed and may completely go below the radar. Cyber criminals can exploit existing features and security flaws in industrial IoT environments for criminal activity – such as spying with financial motives and pure theft of data. Research shows that several vectors in test environments have been subjected to such attacks, which can lead to major financial and reputational damage to companies in "Industry 4.0", unless the right type of security is implemented.
That security is an important issue is proven by the fact that the maximum fine, so far, under GDPR relates to lack of data security in relation to large sets of customer data. The English Data Protection Authority (ICO) has imposed fines on British Airways of MEUR 204 and on Marriott International of MEUR 110.
The responsibility for protecting data from unauthorized access may be placed on multiple parties in a chain of parties where data is processed or generated. For an operator, it may be useful to analyse early on who bears the primary legal responsibility for the protection of data and how to contractually allocate responsibility for damage that may arise for different stakeholders due to data leakage. Even when procuring network security products and other services, there is reason to identify what must be considered as sufficient in order to meet any relevant legal requirements for data protection and to avoid personal liability for company representatives neglecting their duty of care.