The head of the UK’s data watchdog has vowed to fine firms falling short on cybersecurity after warning “complacency” within companies is the “biggest cyber risk businesses face”.
The warnings come after the UK’s Information Commissioner’s Office (ICO) today fined British construction firm Interserve £4.4m over its failure to protect its employees’ data from cyberattacks.
Information commissioner John Edwards said companies should “expect a similar fine from my office” if they are found to have failed to put proper protections in place.
The Interserve attack saw hackers use an email phishing scam to access personal data belonging to as many as 113,000 of the Reading construction company’s staff.
“This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud,” Edwards said.
The information commissioner warned companies that fail to monitor for suspicious activity, update their software, or provide proper training to staff will also be fined.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information,” Edwards said.
“If your business doesn’t regularly monitor for suspicious activity in its systems and fails to act on warnings or doesn’t update software and fails to provide training to staff, you can expect a similar fine from my office.”
The ICO fine comes after Nadhim Zahawi, Chancellor of the Duchy of Lancaster, said firms should treat cybersecurity as a business priority and not just “an issue for company IT departments.”
The minister warned that economic growth would not be possible in the modern digital world without the “economic security” that comes from proper cybersecurity protocols.
Edwards added: “Cyber attacks are a global concern and businesses around the world need to take steps to guard against complacency.”
Interserve has been contacted for comment.