New figures reveal that mid-sized and large businesses could be in line for fines totalling £20bn if they fail to protect their customers from data breaches.
Companies that suffer a breach could face serious financial consequences once new data protection regulations are fully introduced across EU member states.
Data breaches are increasingly frequent and, according to research from Experian, UK businesses appear to be acutely underprepared when it comes to the aftermath. Almost a fifth (17%) of companies have lost confidential information in at least one breach over the last two years and 57% of those affected experienced multiple breaches:
- Less than half of the organisations surveyed (47%) would notify their customers ‘as quickly as possible’;
- 43% would offer a dedicated support team to reassure customers;
- Just 16% say they would financially compensate anyone affected by a breach.
The new rules are likely to significantly raise the reporting and financial stakes. With cyber-criminals becoming increasingly sophisticated, and with unprecedented volumes of personally identifiable information now traded online, the problem is not going to go away on its own.
“The introduction of EU Data Protection Regulation, expected to come fully into force within the next three years, will fundamentally and dramatically alter the data breach landscape. Even in the absence of a strict notification law at this time, it is well within companies’ best interest to put preventative measures and plans in place now. The companies that stay ahead will be those who focus on protecting their customers,” commented Amir Goshtai, Managing Director, Affinity, Experian Consumer Services.
If the threat of a substantial fine isn’t enough, almost two thirds (63%) of people say they would leave an organisation if their personal information was compromised. Customer confidence and loyalty would also be greatly affected, with eight in ten Britons declaring that their overall level of trust in an affected company would decrease (80 per cent) and that their opinion of the organisation would worsen (79 per cent). More than two thirds (67 per cent) said they would advise their friends and family against doing business with a breached organisation.
The main challenge is that the UK is expected to follow the same upward trajectory that has been observed in the US over the last five years. This means the risk of data breaches will continue to increase at a rapid rate and, consequently, the repercussions in terms of lost business, greater public awareness and reputational damage will become considerably more serious.
“Tougher regulation will further raise the media and public profile of data breaches. With our data showing that a third of companies currently do not have any kind of response plan in place at all and almost two in ten having suffered a significant data breach in the last two years, it could be a stark wake-up call for UK business,” Amir Goshtai continued.
Further insight highlights the extent of the issue, revealing that:
- Almost one in five (17 per cent) of organisations questioned had a data breach involving the loss of more than 1,000 records in the past two years. In the US this figure is significantly higher at 43 per cent;
- Nearly three in five (57 per cent) of those affected experienced multiple breaches. Medium-sized businesses were the worst hit, with almost two thirds (61 per cent) reporting between two and five attacks, compared with two in five (40 per cent) of large businesses;
- Whilst almost half of businesses (46 per cent) think it is their responsibility to keep personal data safe and a further 27 per cent believe they and their customers have equal liability, almost a third (28 per cent) place this burden firmly on the customer;
- Organisations that have had a data breach in the past two years are far more likely to say it is the customers’ responsibility to keep personal data safe (55 per cent), compared to those who have not had a data breach in the past two years (21 per cent).