Businesses in the UK could face up to £122 billion in regulatory penalties for cybersecurity breaches when new EU legislation comes into effect in 2018, according to new findings from the PCI Security Standards Council (PCI SSC).
According to a government survey, in 2015, 90% of large organisations and 74% of SMEs reported suffering a security breach1, leading to an estimated total of £1.4 billion in regulatory fines.
In 2018, new EU legislation will set regulatory fines at 4% of global turnover2, far exceeding the current maximum of £500,000. This means, if cybersecurity breaches remain at 2015 levels, the fines paid to the European regulator could see a near 90-fold increase, from £1.4 billion last year, to an incredible £122 billion.
For large organisations, this could mean regulatory fines for cybersecurity breaches soaring to £70 billion, more than a 130-fold increase, equating to the average per organisation rising to £11 million. Regulatory fines for SMEs could see a 60-fold increase, rising to £52 billion, averaging £13,000 per SME.
Regulatory fines are only part of the downside for companies. Reputational damage, business disruption and revenue loss also significantly impact firms that suffer a cybersecurity breach.
PCI SSC works in partnership with organisations to develop and enhance payment and data security standards, and has today urged firms to act now in order to prevent, detect and respond to cyberattacks that can lead to payment data breaches.
Jeremy King, International Director at PCI Security Standards Council, comments: “The new EU legislation will be an absolute game-changer for both large organisations and SMEs. The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.
“Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”
This year marks the 10th anniversary of PCI SSC and its role in fostering secure transactions and cybersecurity globally. On 18-20 October 2016, PCI SSC will be bringing together over 500 payment and security experts from across Europe at its annual Europe Community Meeting in Edinburgh.
1 PWC / HM Government 2015 Information Security Breaches Survey
2 Maximum regulatory fines under new EU legislation will set regulatory fines at up to €20 million or 4% of global turnover, whichever is greater.