Report Predicts Banks To Get €4.7bn Fines In First 3 years Under GDPR

Uploaded on 2017-06-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Financial

A new report is “conservatively” forecasting that European finance organisations are about to shell out €4.7 billion in first three years after the GDPR (General Data Protection Regulations) comes into power thanks to data breaches which they don't currently have to declare. 

Consult Hyperion, which commissioned AllClear ID to carry out the research said in a press release, “this forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.” A spokesperson for the firm said the stats were, “gathered from historical data breach figures, adjusted for the size of the organisations and then the GDPR sanctions were added on top.”

To explain how the number was reached, the report says that, “based on the available data globally there were on average 514 verified breaches per year in the financial sector between 2013 and 2016. With a quarter of the world's banks in the European Union and no discernible difference in the regional pattern of reported breaches this implies there are around 128 breaches in the financial services industry each year in the EU. This is a highly conservative estimate.”

A press release from the company says, “It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10 million or two percent of global annual turnover.”

When asked its opion on the number the UK Information Commissioner's (UK ICO) office a spokesperson for the governing body opined that the numbers are very much “speculative” as there is no way to predict how many breaches there will be from May 2018 and beyond.

It's important to note that the UK ICO only governs data in the UK and has no jurisdiction in other European countries. In the year 2016/17 the ICO only issued one data protection fine to a finance firm and that was £150,000 to Royal and Sun Alliance for losing the personal information of 60,000 customers.

Finance companies can also fined for either nuisance calls and texts which comes under different legislation or for failing to notify the ICO.

Further analysis from Consult Hyperion suggests that, “there have been no fewer than 27 data breach incidents among Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the four percent of turnover level. This indicates an eight percent chance that any Tier 1 bank will suffer a data breach in any given year.”
Consult Hyperion says it expects to see two/three breaches of tier one banks, six breaches of tier two banks and a “long tail of breaches in Tier 3 financial institutions” over the next three years.

The firm concluded: “We estimate the average Tier 1 bank fine will be €260 million and the average Tier 2 bank fine at €48 million. The analysis forecasts that European banks can expect fines in the region of €4,662 million in the first three years after the introduction of GDPR.”

SC Magazine:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

Get Ready To Be Dazzled By The GDPR Professionals:

Eight Steps To The GDPR Countdown:

 

« Google 'faces €1bn-plus fine' From EU
NHS Cyberattack Was 'launched from N. Korea' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Censornet

Censornet

Censornet's autonomous, integrated cloud security gives mid-market organisations the confidence and control of enterprise-grade cyber protection.

HireVergence

HireVergence

HireVergence is a full service IT staffing and recruiting firm with a focus on cyber and information security.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

BioCatch

BioCatch

BioCatch uses behavioral biometrics for fraud prevention and detection. Continuous authentication for web and mobile applications to prevent new account fraud.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

Gradiant

Gradiant

Gradiant’s mission is to contribute to the growth and competitive improvement of Galician businesses through technology development and innovation using ICT.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

High Wire Networks

High Wire Networks

High Wire Network’s Overwatch Managed Security Plaform-as-a-Service offers organizations end-to-end protection for networks, data, endpoints and users.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

In-Q-Tel (IQT)

In-Q-Tel (IQT)

IQT is the non-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to U.S. government agencies that keep our nation safe.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Cranium

Cranium

Cranium are an international consultancy organisation specialised in privacy, security and data management.