2018 Could See UK Small Businesses Hit with £52bn in Cybersecurity Fines
Incoming EU legislation to set regulatory fines at 4% of global turnover could see small UK firms slapped with fines of £13,000 each
The UK’s small businesses could face up to £52bn in regulatory fines for cybersecurity breaches under incoming EU legislation, according to findings from the PCI Security Standards Council (PCI SSC).
In 2018, regulatory fines will be set at 4% of global turnover, up to a maximum of €20m – a huge increase on the current level of £500,000.
Last year, 74% of small and medium businesses reported a security breach, resulting in an estimated £908m in fines to the European regulator. If breaches remain at 2015 levels, fines could multiply 57 times to £52bn – an average of £13,000 per company.
The report warns that fines are just one impact for small firms, alongside damage to reputation, disruption to business and loss of revenue.
Jeremy King, international director at PCI SSC, commented:
“The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.
“Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”