UK firms could face fines of £122 billion in 2018


Ideas surrounding post-GDPR landscape have been reported on extensively, from how to plan to the financial fallout.

It is important to ready the organisation for the GDPR storm and to understand just how much the regulatory landscape is going to change, in terms of fines incurred. The stakes are high.

According to a government survey, in 2015, 90% of large organisations and 74% of SMEs reported suffering a security breach, leading to an estimated total of £1.4 billion in regulatory fines.

This is a drop in the ocean post-GDPR, according to PCI Security Standards Council.

GDPR fines

In 2018, new EU legislation will set regulatory fines at 4% of global turnover, far exceeding the current maximum of £500,000.

>See also: GDPR: The catalyst for a global digital transformation

Under this new universal EU provision, regulatory fines for cyber security breaches could rise to £70 billion for large firms and £52 billion for SMEs.

This represents a 130-fold, or £11 million on average fine increase for large organisations.

While regulatory fines for SMEs could see a 60-fold increase, averaging £13,000 per SME.

New regulatory fines represent increases of 130-fold for large organisations and 60-fold for SMEs.

>See also: GDPR and 3 steps to achieve better compliance

Significantly, if cyber security breaches remain at 2015 levels, the fines paid to the European regulator could see a near 90-fold increase, from £1.4 billion last year, to an incredible £122 billion.

Jeremy King, International Director at PCI Security Standards Council, commented: “The new EU legislation will be an absolute game-changer for both large organisations and SMEs. The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.”

“Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Data Breach