Despite the constant reports of Cyber breaches, the risk seems to be generally accepted as part and parcel of using the internet and smart phones; in much the same way that motor accidents are an accepted price for the convenience of road transport. We just hope they don’t happen to us.
But perhaps that may change, particularly for companies and their insurers following the Information Commissioners Office (IFO) announcement that they intend to fine British Airways £183m, the largest fine so far under the new General Data Protection Regulations (GDPR).
This follows the much-publicised cyber incident last September when 500,000 customers had their data compromised. The ICO say the breach was down to poor security arrangements, although British Airways has issued a defence saying they faced a sophisticated, malicious criminal attack. It plans to defend the airline’s position ‘vigorously’, including making ‘any necessary appeals’.
Whatever the outcome, the message from the ICO was clear: “When you are entrusted with personal data you must look after it.” And they subsequently announced their intention to fine Marriott Hotel Group £99m. Marriott has also said it plans to appeal.
These draconian fines will be a warning to large companies, but may be a sign we are moving to a position of ‘strict liability’ where whatever security you put in place and however sophisticated the attack, you didn’t do enough. You would hope that smaller companies doing their best without large cyber security budgets will be given more leeway, but we will have to wait and see.
To access the full article by Worthing Herald, please click here
To discover the Commercial Insurance options available through Warwick Davis Insurance, please click here