When GDPR (General Data Protection Regulation) comes into force in 2018, businesses not adhering to cybersecurity best practices risk either €20 million in fines, or 4 per cent of their annual global turnover, whichever is bigger.
The media has been buzzing about this a lot lately, but how much is 4 per cent really, at least among UK organisations? According to the PCI Security Standards Council, it could be up to £122 billion. Here's how PCI SSC came to that conclusion. Last year, 90 per cent of large organisations, and 74 per cent of small and medium-sized enterprises, said they'd suffered a security breach, costing them up to £1.4 billion in regulatory fines, by PCI SSC's estimate. The current maximum fine is set at £500,000.
If cybersecurity breaches stay at last year’s levels, the fines paid to the European regulator could be 90 times higher, up to £122 billion. Large businesses could see fines up to £70 billion, or a 130-fold increase.
“The new EU legislation will be an absolute game-changer for both large organisations and SMEs,” says Jeremy King, International Director at PCI Security Standards Council.
“The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.”
“Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”