Report Predicts Banks To Get €4.7bn Fines In First 3 years Under GDPR

Uploaded on 2017-06-26 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-Financial

A new report is “conservatively” forecasting that European finance organisations are about to shell out €4.7 billion in first three years after the GDPR (General Data Protection Regulations) comes into power thanks to data breaches which they don't currently have to declare. 

Consult Hyperion, which commissioned AllClear ID to carry out the research said in a press release, “this forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.” A spokesperson for the firm said the stats were, “gathered from historical data breach figures, adjusted for the size of the organisations and then the GDPR sanctions were added on top.”

To explain how the number was reached, the report says that, “based on the available data globally there were on average 514 verified breaches per year in the financial sector between 2013 and 2016. With a quarter of the world's banks in the European Union and no discernible difference in the regional pattern of reported breaches this implies there are around 128 breaches in the financial services industry each year in the EU. This is a highly conservative estimate.”

A press release from the company says, “It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10 million or two percent of global annual turnover.”

When asked its opion on the number the UK Information Commissioner's (UK ICO) office a spokesperson for the governing body opined that the numbers are very much “speculative” as there is no way to predict how many breaches there will be from May 2018 and beyond.

It's important to note that the UK ICO only governs data in the UK and has no jurisdiction in other European countries. In the year 2016/17 the ICO only issued one data protection fine to a finance firm and that was £150,000 to Royal and Sun Alliance for losing the personal information of 60,000 customers.

Finance companies can also fined for either nuisance calls and texts which comes under different legislation or for failing to notify the ICO.

Further analysis from Consult Hyperion suggests that, “there have been no fewer than 27 data breach incidents among Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the four percent of turnover level. This indicates an eight percent chance that any Tier 1 bank will suffer a data breach in any given year.”
Consult Hyperion says it expects to see two/three breaches of tier one banks, six breaches of tier two banks and a “long tail of breaches in Tier 3 financial institutions” over the next three years.

The firm concluded: “We estimate the average Tier 1 bank fine will be €260 million and the average Tier 2 bank fine at €48 million. The analysis forecasts that European banks can expect fines in the region of €4,662 million in the first three years after the introduction of GDPR.”

SC Magazine:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

Get Ready To Be Dazzled By The GDPR Professionals:

Eight Steps To The GDPR Countdown:

 

« Google 'faces €1bn-plus fine' From EU
NHS Cyberattack Was 'launched from N. Korea' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Intercede

Intercede

Intercede is a cybersecurity company specializing in digital identities, derived credentials and access control, enabling digital trust in a mobile world.

Arista Networks

Arista Networks

Arista Networks is an industry leader in data-driven, client to cloud networking for large data center, campus and routing environments.

Network Integrity Systems

Network Integrity Systems

Network Integrity Systems is a leader in network infrastructure security and offers solutions specifically developed for Government and Private Enterprise.

InstaSafe Technologies

InstaSafe Technologies

InstaSafe®, a Software Defined Perimeter based (SDP) one-stop Secure Access Solution for On-Premise and Cloud Applications.

Cybero

Cybero

Cybero offers professional corporate cybersecurity training tailored to your business requirements.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

Naukrigulf

Naukrigulf

Naukrigulf.com is one of the fastest growing job sites in the Gulf, with thousands of registered job seekers and a robust CV database across many sectors, including cybersecurity.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

TES

TES

TES is a provider of IT Lifecycle Services, offering bespoke solutions that help customers manage the commissioning, deployment and retirement of Information Technology assets.

Nova Leah

Nova Leah

Nova Leah helps connected medical device manufacturers meet cybersecurity compliance requirements throughout the entire product lifecycle.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Polaris Infosec

Polaris Infosec

Polaris Web Presence Protection (WPP) is powered by our proprietary artificial intelligence and machine learning engine to ensure that attacks are stopped before they affect your business.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

Cyber Insurance Academy

Cyber Insurance Academy

Cyber Insurance Academy was founded to provide insurance professionals with the knowledge needed to work in cyber-insurance and cyber-related insurance fields.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

ShellBoxes

ShellBoxes

ShellBoxes are a leading Web3 company focused on providing top-notch blockchain security and development services.