Cybersecurity breaches could result in U.K. businesses collectively facing fines of up to £122 billion in 2018.
According to a report, which cited findings from the Payment Card Industry Security Standards Council (PCI), the eye-opening fines would be part of new European Union legislation that will set penalties for security breaches at 4 percent of global turnover to a maximum of £18 million.
The report noted that, while the U.K. will most likely be gone from the EU by 2019, Prime Minister Theresa May plans to sign all current EU law into U.K. law and then move slowly to repeal it, which means the new cybersecurity rules, and thus the fines, will be on the books after Brexit.
The report noted that cybersecurity is a huge issue for businesses operating in the U.K. with 90 percent of large organizations and 74 percent of smaller-sized businesses saying they had a breach in 2015. If the breaches continue at the same pace, PCI estimated the fines would rise from £1.4 billion in 2015 to £122 billion. Large companies, according to the report, would face £70 billion of those fines — an average of £11 million per company. Fines for smaller businesses would increase to £52 billion, averaging £13,000 for each smaller company.
“The new EU legislation will be an absolute game-changer for both large organizations and SMEs. The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs,” said Jeremy King, director of PCI, in a statement. “Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand.”