An increasing number of high-profile data breaches have taught us that how a company looks after its information and manages any incidents can make or break the organisation. This can be the difference between winning and losing business contracts. Getting it right, however, can directly improve the business’s bottom line, as increased confidence brings increased revenue and competitive advantage.
On average, a breach is estimated to cost an organisation between £75,000 and £311,000 for an SME and between £1.45 million and £3.14 million for a large organisation. Even without counting the value of the reputational loss to a company, there is a clear business justification for fostering a culture which values and protects information.
The maximum fine which can currently be levied for a data breach by the Information Commissioner’s Office (under the UK Data Protection Act 1998) is £500,000.
In May 2018 this maximum fine will increase to €20 million or 4% of annual revenue (under the EU GDPR legislation). Brexit or not, the current thinking is that the UK will align with the regulation.