According to new data protection research conducted by the data security company Clearswift, the recent large GDPR fines against enterprise giants in the UK have had a ripple effect on board-level involvement and spending plans in relation to cyber security within UK financial firms.
The research, which surveyed senior business decision makers within enterprise financial organisations in the UK, highlighted the Information Commissioner’s Office’s (ICO) recent judgements, a £183M proposed fine for BA and a £99M proposed fine for Marriott, as a key turning point in addressing their own cyber security.
Close to one third of companies (32%) referenced recent GDPR fines against British Airways and Marriott International as being the primary reason for an increase in board-level involvement and/or provision for IT security spending.
The research seems to show that the fines have sent shockwaves through the industry and are now serving as a blueprint for how the ICO will handle cases of this nature. The board is now sitting up and taking notice of GDPR compliance and the role cyber security plays in it. However, it is not just about taking notice; organisations need to invest to maximise their ability to stay safe from new threats. Revisiting their ‘defence in depth’ strategy, augmenting it with enhanced security solutions that cover both the boundary and the cloud, and implementing more stringent policies are all critical to securing the critical information they hold within the organisation.
Other key threats identified by respondents included supply chain threats (25%), where attackers seek to damage an organisation by targeting less-secure elements in the supply network. Ransomware attacks (24%), such as the infamous WannaCry attack in 2017, where malicious software denies access to a computer system or critical data until a ransom is paid, were also high up the list.