Businesses across the UK could face up to £122bn in regulatory penalties for cyber security breaches when new EU legislation comes into effect in 2018.
Last year, 90 per cent of large organisations and 74 per cent of SMEs reported suffering a security breach, according to a government survey. That added up to an estimated total of £1.4bn in regulatory fines.
The PCI Security Standards Council has warned that incoming EU legislation will set the maximum regulatory fines at four per cent of global turnover, which is considerably higher than the current maximum of £500,000.
If cyber security breaches remain at 2015 levels, the fines could see a near 90-fold rise, up from £1.4bn to £122bn. For larger firms, this could mean the fines reach £70bn, which would be more than a 130-fold increase and the average per organisation at £11m.
Similarly, fines for SMEs could see a 60-fold increase, rising to £52bn, averaging out at £13,000 per small business.
Jeremy King, international director at the PCI Security Standards Council, said: “The new EU legislation will be an absolute game-changer for both large organisations and SMEs.
“The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.”
The EU agreed on new rules concerning the breach of data protection regulations at the end of last year.
PCI Security Standards Council says that firms need to start putting in place procedures to counter the cyber security threat, or risk getting slapped with hefty regulatory fines. They also risk the reputational damage, business disruption and revenue loss that arise from cyber security breaches.