GDPR Fines: Could Cybercriminals Bite Back?

A response from SMP about GDPR and the threat of cybercriminal activity –

In the 14 months since GDPR became enforceable, several high-profile global organizations have incurred hefty fines for violating the regulation. Most recently, this includes Marriott and British Airways.

For Marriott, the $123M fine comes from the U.K.’s Information Commissioner’s Office (ICO) and stems from a data breach that exposed 500 million customer records. Further complicating the situation is the root of the hack, which originated with Starwood, two years before Marriott acquired the company.

In the case of British Airways, hackers stole the personal data of more than 500,000 airline customers beginning in June 2018. The ICO intends to penalize the carrier some $230M in response.

In the wake of these incidents, security experts, including SMP, warn that GDPR is changing more than just the cost of a breach – it’s impacting the entire security landscape. Companies operating in different countries, especially those in the European Union, face the cost of fines under GDPR and similar legislation like the California Consumer Privacy Act (CCPA), plus the cost of reparations to exposed customers and any associated litigation.

At the same time, SMP believes that cybercriminals could be taking note in hopes of blackmailing companies post-hack. It’s not much of a stretch to capture customer data and, in turn, demand $10M, especially when the company risks a fine upwards of $100M. That’s not a situation any organization wants to face – and yet, the possibility remains.

To guard against the threat of cybercriminals and protect your organization, we recommend the following:

  1. Stay informed about GDPR and other legislative updates. Understand how and where these regulations apply to your business.

  2. Audit your current cybersecurity infrastructure, shore up any existing weaknesses and update your protocol to ensure compliance.

  3. Continuously monitor these systems and information with the support of a qualified team of experts.

For more information, please contact SMP