Last updated: 05.09.17

UK businesses’ data protection breach fines on the rise

According to figures by the Information Commissioner’s Office (ICO), fines for breaches in data protection have almost doubled since 2015 from £2m to £3.2m.

These fines could be set to rise as, from 25th May 2018, the EU’s General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) in the UK. Failure to comply with this new framework can result in fines of up to €20m or 4% of global turnover, exceeding the current maximum of £500,000.

Just how common are data security breaches?

The 2017 Cyber Security Breaches Survey, conducted by the Department for Culture, Media & Sport, found that virtually all of the UK businesses surveyed were exposed to cyber security risks, with 38% of micro firms, 52% of small firms and 66% of medium firms identifying at least one cyber security breach in the preceding 12 months.

In support of this, PwC found that:

  • 74% of small and medium-sized enterprises (SMEs) had a security breach, with the average cost of the breach totalling between £75k and £311k.
  • 38% of SMEs suffered from external attacks, with a distinct increase in malicious software being used, and 16% were hit by DoS attacks.
  • 31% of SMEs suffered staff-related security breaches, and half of all organisations attributed the cause to inadvertent human error, underlining that modern workers, in businesses of any size, must be trained in data protection.

The impact of breaches in data protection

As well as the considerable regulatory fines, the Cisco 2017 Annual Cybersecurity Report reports that the business functions most likely to be affected by a data protection breach are:

  • Operations
  • Brand reputation
  • Customer retention
  • Partner relationships
  • Supplier relationships

Jeremy King, international director at PCI SSC has stated: “Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cyber security threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”