This article was focused on the financial repercussions for failing to meet cyber-security requirements in the EU. Currently, failing to meet legal requirements for cyber-security results in a fine of 500,000 pounds. The author cites a recent study that showed 7 out of 10 board members believed this punishment to be too lenient. However, by 2018 new data protection rules will increase penalties up to 20 million pounds.
This article illustrates the growing recognition of the importance of proper cyber security practices among executive management. The high number of directors that are calling for heftier punishments and stricter standards shows that these directors recognize the threat posed by a lack of cyber security and the immediate need for proper cyber security precautions.
Article: http://www.telegraph.co.uk/technology/2016/09/26/punish-companies-for-cyber-security-failures-directors-say/
I think that is a great idea, Hospitals are punished for HIPPA violations and from my experience they take HIPPA breaches extremely seriously as they are costly. Money seems to be a great motivator.
hello Anthony- I kind of agree with this article because some companies don’t want to spend the money in security to protect their customers and clients.
I was reading an article this morning that mentioned that a typical cost of a bridge was about $200,000 and that most cyber events cost companies less that 0.4 percent of their annual revenue researches said.
I am a stronger believer of security and the investment is worth the money.
Balancing the financial equation is very important if we want companies to take security seriously. Since the company is only beholden to its stakeholders, regulations are introduced to try to forcibly balance the goals with the good of society. As companies hoard more and more personal data, penalties for losing it should increase. If a company does a risk analysis and figures out that an event is cheap enough to ignore they will never try to make data safe. Stiff penalties change the equation drastically.
Very interesting article. I share the opinion of the directors who believe that stricter punishments and standards must be applied against poor cyber security practices, especially within large corporations. I believe everyone must play their parts to encourage safer IT operations and big enterprises are no exceptions.In fact, they should take advantage of their financial and infrastructure means to display leadership in that area. 500,000 pounds is a start and hopefully it will increase substantially as predicted. I’m curious to learn about similar rules and fines in the U.S..
Hey guys, thanks for all the feedback! Glad to see everyone agreeing that we need to implement a better system of enforcing cyber security standards. In all reality, making these fines heftier and forcing executives to acknowledge the cost associated with failing to comply will benefit these companies. Even if a company has to pay the fines and then reinforces their cyber security policies, that would be a lot cheaper than the cost of an actual breach. On top of that, the money from the fines can be used to enforce standards and provide more education on the importance of cyber security. I definitely believe a lot of good can come out of the stricter enforcement of cyber security standards.