SMEs on the hook for £52bn, while large organisations could be forced to pay up to £70bn
UK companies and organisations could face huge fines when the European Union’s General Data Protection Regulation (GDPR) becomes law.
The PCI Security Standards Council (PCI-SSC) warned that fines as high as £122bn could have been levied against UK organisations in 2015 based on the number of cyber security incidents.
PCI-SSC bases its estimates on survey figures from the Office for National Statistics, which suggest that there were 2.46 million ‘cyber incidents’ in 2015. Around 90 per cent of large organisations and 74 per cent of SMEs supposedly suffered a security breach in 2015.
Large organisations would face fines totalling £533m and SMEs £908m under existing data protection laws, according to the PCI-SSC, if the Information Commissioner’s Office (ICO) was notified of every breach and imposed the maximum penalty.
The same security lapses under the GDPR would bump these figures up to £70bn for major organisations and £52bn for SMEs, the PCI-SSC said.