Fujitsu comments on RPC’s report on average value of cybersecurity fines
New figures released by City law firm RPC have revealed that the average value of fines issued by the UK’s data watchdog doubled over the last year to reach £146,000.
Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland, has provided the following comment on the figures:
“With breaches hitting our headlines almost on a daily basis, it is no surprise to hear that the average data breach fine in the UK has doubled in the past year alone. However, as these figures are based on previous regulations, we should expect fines to increase even further, especially since GDPR and the UK Data Protection Act 2018 came into force earlier this year. What’s more, it’s important organisations recognise that a fine is only one aspect of the cost of a data breach or attack to the business – we must also consider the cost that a recovery, compensation claim, reputational damage or potential loss of customers can have.
“Changes in data protection legislation aim to give individuals more ownership and control over what’s happening to their personal data. It is now well understood that investment in good data governance principles engenders trust. The focus needs to be on the interests and rights of data subjects – employees, customers and all stakeholders: everyone you come into contact with. Their interests need to be the principal focus if companies are to avoid hefty fines.
“The fact is that tighter regulations mean companies can no longer be complacent, whether it’s in the collection and processing of data or the reporting of a breach. Companies need to be on the front foot, be logical in managing the data journey and have processes in place should the worst happen.
“To be truly effective when it comes to protecting personal data requires a mix of people, processes and technologies: all of which have to be carefully aligned so that everything fits together properly. At the end of the day, it requires a cultural shift to embed data governance throughout an organisation.”