Businesses across the UK could face up to £122bn in cybersecurity fines for breaches when the new EU legislation comes into effect in 2018. Last year, 90 per cent of large organisations and 74 per cent of SMEs reported suffering a security breach, according to a government survey. It resulted in an estimated total of £1.4bn in regulatory fines.
These developments follow in the wake of the EU agreeing on new rules concerning the breach of data protection regulations at the end of last year. And Brexit or no Brexit, the UK’s Information Commissioner’s Office has previously campaigned for higher standards of protection and greater sanctions for a breach either way, so equivalent laws would be introduced for the country in any case. The PCI Security Standards Council has warned that the incoming EU legislation will set the maximum regulatory fines at four per cent of global turnover, which makes it a lot higher than the current maximum of £500,000.
If cybersecurity breaches remain at 2015 levels, the cybersecurity fines could see a near 90-fold rise, from £1.4bn all the way to £122bn. For larger firms, this could mean the fines reach £70bn, which would be more than a 130-fold increase, with the average per organisation at £11m.
Similarly, fines for SMEs could see a 60-fold increase, rising to £52bn, averaging out at £13,000 per small business. Jeremy King, international director at the PCI Security Standards Council, said:
“The new EU legislation will be an absolute game-changer for both large organisations and SMEs. The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.”
The PCI Security Standards Council says that firms need to start putting in place procedures to counter the cybersecurity threat, or risk getting slapped with hefty regulatory fines. They also risk the reputational damage, business disruption and revenue loss that arise from cybersecurity breaches.