October 17, 2016
Businesses in the UK could face up to £122 billion in fines for cybersecurity breaches in 2018, according to new findings from the Payment Card Industry Security Standards Council (PCI).
The increase in fines would come as part of new EU legislation, which will set regulatory penalties for security breaches at 4% of global turnover, to a maximum of £18 million.
A cybersecurity breach is an incident that results in unauthorised access to a company’s data or its networks.
While the UK will most likely have left the EU by 2019, Prime Minister Theresa May intends to sign all current European law into UK law and repeal it gradually. That means that the new rules would still apply after Brexit.
Cybersecurity is a big problem for UK businesses. In 2015, 90% of large organisations and 74% of smaller businesses reported a breach, according to PCI.
If breaches remain at 2015 levels, PCI says fines due would increase from £1.4 billion last year to £122 billion. Large organisations would face £70 billion of those fines — an average of £11 million per organisation. Fines for smaller businesses would rise to £52 billion, averaging £13,000 for each business.