According to figures by the Information Commissioner’s Office (ICO), fines for breaches in data protection have almost doubled since 2015 from £2m to £3.2m.
These fines could be set to rise as, from 25th May 2018, the EU’s General Data Protection Regulation (GDPR) will replace the Data Protection Act (DPA) in the UK. Failure to comply with this new framework can result in fines of up to €20m or 4% of global turnover, exceeding the current maximum of £500,000.
A 2017 Cyber Security Breaches survey conducted by the Department for Culture, Media & Sport found that virtually all the UK businesses they spoke to were exposed to cyber security risks, with 38% of micro firms, 52% of small firms and 66% of medium firms identifying at least one cyber security breach in the previous 12 months.
In support of this, PwC found that:
As well as the considerable regulatory fines, the Cisco 2017 Annual Cybersecurity Report cites that functions most likely to be affected by a data protection breach are:
Jeremy King, international director at PCI SSC has stated: “Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cyber security threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”