The proposed fines against British Airways and Marriott International for breaches of GDPR have sent shockwaves through the business community, with a new study showing that UK companies have suddenly started to take cybersecurity much more seriously at board level, with the vast majority seeking to increase their online security budgets.
Last month the Information Commissioner’s Office revealed it was planning to issue GDPR fines totalling over £282m to the two companies, after poor security practices put the personal data of millions of customers in jeopardy.
Now, new research by data security company Clearswift indicates that the fines are making firms sit up and take note. In the study, which surveyed senior business decision makers across financial organisations in the UK, nearly a third (32%) of companies referenced the proposed GDPR fines as being the main reason for an increase in board level involvement and the provision for IT security spending.
Clearswift chief technology officer Dr Guy Bunker said: “These proposed fines are now serving as a blueprint for how the ICO will handle cases of this nature. By giving out such large ‘intentions to fine’ notices, the ICO has delivered a message that it is not afraid to reprimand household names.”
The research also revealed that 73% of financial businesses said they would like to see an increase in cyber security investment, with almost one in five UK firms saying that their budgets were currently "well below the adequate level".
When asked where their organisation currently focuses its cyber security investment, data loss prevention technology was a key area for 53%, followed by database security at 42%, regulatory compliance at 40% and advanced threat protection at 40%.
Bunker added: “The board is now sitting up and taking notice of GDPR compliance and the role cyber security plays in it. However, it is not just about taking notice, it is the need to invest to maximise their ability to keep the organisation safe from new threats.
“Revisiting their ‘defence in depth’ strategy to augment with enhanced security solutions including both the boundary and the cloud, and implementing more stringent policies, is crucial to securing the critical information they hold within the organisation.”