What do British Airways and Marriott Hotels have in common? Both were handed substantial fines by the UK’s Information Commissioner's Office (ICO) over cyber security breaches. And luckily for both organizations, the ICO reduced the fines due to the economic impact of COVID-19.
British Airways suffered its big cyber security breach in 2018. That breach affected the personal and credit card data of “many thousands of customers” according to a BBC article written just after the breach. Originally, the ICO said in 2019 that it would fine British Airways £183 million, but it has reduced the amount to £20 million due to "the economic impact of Covid-19" on the travel industry. Why the hefty fine? The investigation showed that the security measures that were available to British Airways at the time were not put in place.
The Marriott Hotel Group is also facing substantial fines relating to a cyber security breach that began in 2014 and wasn’t discovered by the organization until 2018. “Over the course of four years, information belonging to roughly 339 million guests was stolen. In total, seven million records relating to UK guests were exposed.” The ICO originally intended to fine Marriott £99,200,396 for GDPR violations. The ICO has since revised that amount to £18.4 million due to “security improvements, and the economic damage caused by COVID-19.”
Even though the ICO substantially reduced fines for both organizations, those are still some very hefty penalties. Could your business afford a fine of £20 million? The message from regulators is that if the technology to prevent a breach is available to you, you are obligated to use it to safeguard information. Data breaches are serious business. Even though both of these examples come from the UK, your business has privacy obligations in every country where you do business, including the EU, Canada and the U.S. (California, with more states likely to follow).
If you want to avoid paying hefty penalties for a cyber security breach, then you need to ensure your organization is doing all it can to prevent a breach. Not sure how? Talk to Uzado today to learn how we can help your organization.