According to the Payment Card Industry Security Standards Council (PCI SSC), 90% of large organisations and 74% of SMEs reported a security breach, leading to an estimated total of GBP 1.4 billion in regulatory fines.
In 2018, the European Union’s General Data Protection Regulation (GDPR) will introduce fines for groups of companies of up to EUR 20 million or 4% of annual worldwide turnover, whichever is greater, far exceeding the current maximum of GBP 500,000.
This means that if data breaches remain at 2015 levels, the fines paid to the European regulator could see a near 90-fold increase, from GBP 1.4bn in 2015 to GBP 122bn, the PCI SSC calculated, based on the maximum fine of 4% of global turnover.
For large UK organisations, this could see regulatory fines for data breaches soar to GBP 70bn, more than a 130-fold increase, rising to an average of GBP 11m per organisation. Regulatory fines for SMEs could see a 57-fold increase, rising to GBP 52bn, averaging GBP 13,000 per SME.
Regulatory fines are only part of the downside for companies, the PCI SSC said, with reputational damage, business disruption and revenue loss also having a significant impact on firms suffering a data breach.
The PCI SSC, which works in partnership with organisations to develop and enhance payment and data security standards, is urging firms to act now to prevent, detect and respond to cyber-attacks that can lead to breaches of payment data and other personal data.