Regulations/Legislation

Companies Unprepared for Looming Cyber Crime Rules Face Crippling Fines

A string of surveys and public statements show that most CEOs are at least wise to the risks presented by cyber crime. Now, a related threat is emerging that could do equal damage to their business: cyber crime rules.

Governments around the world are gradually taking a more heavy-handed approach to regulation after high-profile attacks crippled public services or led to the theft of troves of customer data.

In February, New York state introduced final regulations that require banks and insurers to meet minimum cybersecurity standards and report breaches to regulators.

European countries, however, appear to be taking the lead on the issue, with the pending introduction of General Data Protection Regulation, due to come into force May 2018.

“a startling 60% aren’t even aware of the new rules.”

Companies falling foul of the rules could face a maximum penalty of €20 million ($22 million), or 4% of their global turnover—potentially catching out foreign companies with European subsidiaries, or the large number of U.S. companies that have based themselves there for tax purposes.

Just a third of UK-based companies have started preparing for the rule change, while a startling 60% aren’t even aware of the new rules, according to a new survey commissioned by law firm Irwin Mitchell.

The poll of 2,000 businesses, conducted by YouGov, also found that 71% weren’t aware of the size of the penalties they could face. Some 18% said they would go out of business if they received the maximum penalty, while around 10% said they would need to make significant job cuts.

The findings come after 836 insurance practitioners polled by PwC ranked cyber risk as their second-biggest concern for 2017, behind change management risks associated with digital disruption, and jumping above regulation risks and recession fears.

Insurers were anxious about attacks on their own businesses, but also about the cost of underwriting cyber crime. Covering clients for multi-million fines could be a big part of the mix, too,  if businesses, particularly in Europe, don’t strengthen their defenses soon.

“[Next] May’s deadline is fast-approaching and with so much at stake, our study reveals there’s a very real possibility that the majority of organizations will not be compliant in time,” Irwin Mitchell partner Joanne Bone said.


Ross Kelly

Ross Kelly is a London-based business journalist. He has been a staff correspondent or editor at The Wall Street Journal, Yahoo Finance and the Australian Associated Press.

Share
Published by
Ross Kelly

Recent Posts

How To Reconfigure A Traditional Industrial Giant For New Era

Johnson Controls CEO Oliver has led a corporate transformation focused on making buildings greener.

14 hours ago

Rachel Barger, Cisco’s Senior Vice President of the Americas, Encourages Us to Always Keep an Open Door

In this edition of our Corporate Competitor Podcast, leadership speaker and storytelling expert Don Yaeger…

3 days ago

Boards May Need To Reevaluate Their Idea Of Acceptable Risk

Boards are being held to a higher standard regarding risk. A more thorough strategy may…

7 days ago

CEOs Can Become Afflicted With ‘Boreout’ Too

If you're experiencing burnout not because you're overworked, but because you're underinspired, it might be…

7 days ago

Why CIOs Should Report Directly To The CEO

When companies elevate the role, they reap significant benefits. Here are five critical ways it…

1 week ago

New-Era Koppers Keeps Staying Ahead Of The Game

CEO Ball has led early decoupling from China and diversification that ties into today’s infrastructure…

1 week ago