Report Predicts Banks To Get €4.7bn Fines In First 3 years Under GDPR

A new report is “conservatively” forecasting that European finance organisations are about to shell out €4.7 billion in the first three years after the GDPR (General Data Protection Regulation) comes into force, thanks to data breaches which they don't currently have to declare.

Consult Hyperion, which commissioned AllClear ID to carry out the research, said in a press release: “this forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.” A spokesperson for the firm said the stats were “gathered from historical data breach figures, adjusted for the size of the organisations and then the GDPR sanctions were added on top.”

To explain how the number was reached, the report says: “based on the available data globally there were on average 514 verified breaches per year in the financial sector between 2013 and 2016. With a quarter of the world's banks in the European Union and no discernible difference in the regional pattern of reported breaches this implies there are around 128 breaches in the financial services industry each year in the EU. This is a highly conservative estimate.”

A press release from the company says: “It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10 million or two percent of global annual turnover.”

When asked for its opinion on the number, a spokesperson for the UK Information Commissioner's Office (UK ICO) said the figures are very much “speculative”, as there is no way to predict how many breaches there will be from May 2018 onwards.

It's important to note that the UK ICO only governs data in the UK and has no jurisdiction in other European countries. In 2016/17 the ICO issued only one data protection fine to a finance firm: £150,000 to Royal and Sun Alliance for losing the personal information of 60,000 customers.

Finance companies can also be fined for nuisance calls and texts, which come under different legislation, or for failing to notify the ICO of a breach.

Further analysis from Consult Hyperion suggests that “there have been no fewer than 27 data breach incidents among Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the four percent of turnover level. This indicates an eight percent chance that any Tier 1 bank will suffer a data breach in any given year.”

Consult Hyperion says it expects to see two or three breaches of Tier 1 banks, six breaches of Tier 2 banks and a “long tail of breaches in Tier 3 financial institutions” over the next three years.

The firm concluded: “We estimate the average Tier 1 bank fine will be €260 million and the average Tier 2 bank fine at €48 million. The analysis forecasts that European banks can expect fines in the region of €4,662 million in the first three years after the introduction of GDPR.”

SC Magazine:
