Further evidence has emerged of the Information Commissioner’s Office’s tough stance on companies that fail to protect against data breaches, with the average fine revealed to have doubled to £146,000 in the year to September 30 2018.
According to City law firm RPC, the total value of penalties imposed by the ICO in the period rose to £4.98m, up 24% from £4m during the same period last year.
The figures, which exclude last week’s £500,000 Facebook fine, include Equifax, which was hit with the maximum £500,000 for its 2017 cyber-attack; Carphone Warehouse, which was fined £400,000 for failing to adequately protect customer and employee data; and Bupa, which took a £175,000 hit after customer data ended up for sale on the dark web.
Richard Breavington, partner at RPC, commented that a doubling in the average size of a fine should serve as a “wake-up call to businesses”.
“Given that there seems to be no slowdown in the number of cyber-attacks today – businesses need to see how they can mitigate the risks to their customer when there is an attack. Businesses should ensure that they take out cyber insurance policies so that they can bring in experts to contain the impact of an attack and limit the exfiltration of data.”