We have all read of the TalkTalk data breach in 2015 where more than 157,000 of its customers’ personal details were accessed. With over 15,000 bank account details stolen and 28,000 credit and debit cards affected, it was a significant incident by UK standards. This breach should act as a warning for the UK business community and for foreign entities doing business in the UK.
At this time the Information Commissioner’s Office (ICO) can levy significant fines, with the maximum fine permissible being £500,000. This is the level that is likely to hit TalkTalk. If you consider that TalkTalk has revenues of circa £1.8 billion, you can see that the fine is of no real consequence for a company of this size.
However, with the advent of the new General Data Protection Regulation (GDPR), the potential fines will rise to 4% of annual global turnover or €20,000,000, whichever is higher. If we take the TalkTalk incident as an example, the potential fine may have reached the multi-million Euro level had this regulation been in place. With the regulation being applied not only to EU-domiciled companies, but also to any entity wishing to conduct business in the EU, now is the time to take cyber security and risk management more seriously.
Cyber and Network Security insurance can offer protection for the costs incurred in defending a regulatory investigation or prosecution. The policy can also, where legally allowable, pay the amount of any regulatory award against the insured. With the cost associated with cyber related incidents on the rise, can organisations afford to ignore this high profile risk area any longer?
Now is the time to act and to get your organisation ready for the new regulatory regime. Speak to us if you wish to understand how insurance can aid you in the management of your cyber risk, both pre and post loss.