Report Predicts Banks To Get €4.7bn Fines In First 3 years Under GDPR

A new report is “conservatively” forecasting that European finance organisations are about to shell out €4.7 billion in first three years after the GDPR (General Data Protection Regulations) comes into power thanks to data breaches which they don't currently have to declare. 

Consult Hyperion, which commissioned AllClear ID to carry out the research said in a press release, “this forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.” A spokesperson for the firm said the stats were, “gathered from historical data breach figures, adjusted for the size of the organisations and then the GDPR sanctions were added on top.”

To explain how the number was reached, the report says that, “based on the available data globally there were on average 514 verified breaches per year in the financial sector between 2013 and 2016. With a quarter of the world's banks in the European Union and no discernible difference in the regional pattern of reported breaches this implies there are around 128 breaches in the financial services industry each year in the EU. This is a highly conservative estimate.”

A press release from the company says, “It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10 million or two percent of global annual turnover.”

When asked its opion on the number the UK Information Commissioner's (UK ICO) office a spokesperson for the governing body opined that the numbers are very much “speculative” as there is no way to predict how many breaches there will be from May 2018 and beyond.

It's important to note that the UK ICO only governs data in the UK and has no jurisdiction in other European countries. In the year 2016/17 the ICO only issued one data protection fine to a finance firm and that was £150,000 to Royal and Sun Alliance for losing the personal information of 60,000 customers.

Finance companies can also fined for either nuisance calls and texts which comes under different legislation or for failing to notify the ICO.

Further analysis from Consult Hyperion suggests that, “there have been no fewer than 27 data breach incidents among Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the four percent of turnover level. This indicates an eight percent chance that any Tier 1 bank will suffer a data breach in any given year.”
Consult Hyperion says it expects to see two/three breaches of tier one banks, six breaches of tier two banks and a “long tail of breaches in Tier 3 financial institutions” over the next three years.

The firm concluded: “We estimate the average Tier 1 bank fine will be €260 million and the average Tier 2 bank fine at €48 million. The analysis forecasts that European banks can expect fines in the region of €4,662 million in the first three years after the introduction of GDPR.”

SC Magazine:

You Might Also Read:

Tesco Could Have Been Facing £2bn Fine After The Bank Hack:

Get Ready To Be Dazzled By The GDPR Professionals:

Eight Steps To The GDPR Countdown:

 

« Google 'faces €1bn-plus fine' From EU
NHS Cyberattack Was 'launched from N. Korea' »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

Verint Systems

Verint Systems

Verint is a leader in CX automation. The world’s most iconic brands rely on our open platform and team of AI-powered bots to create tangible AI business outcomes, now.

SentryBay

SentryBay

SentryBay is the global leader in preventative endpoint isolation protection. We protect remote, BYOD and corporate endpoints so they can safely and securely connect with your corporate network.

Fedco International

Fedco International

Fedco International is an IT and SCADA ICS Security consultancy firm.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

Rezilion

Rezilion

Rezilion is a stealth mode cyber-security start-up developing a cutting edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Infosec Partners

Infosec Partners

Whether you’re looking for complete managed security or an on-call expert advisor, we offer a range of managed security services to complement your internal team or primary outsource partner.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

CrossCountry Consulting

CrossCountry Consulting

CrossCountry Consulting is a trusted business advisory firm that provides customized finance, accounting, human capital management, risk, operations and technology consulting services.

Central Intelligence Agency (CIA) - USA

Central Intelligence Agency (CIA) - USA

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Labaton Sucharow

Labaton Sucharow

Standing on the horizon of law and technology, our Cybersecurity and Data Privacy Practice helps to protect consumers who have been harmed by businesses’ failures to safeguard their customers' data.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

Secure Enterprise Engineering (SEE)

Secure Enterprise Engineering (SEE)

SEE provides disruptive cybersecurity system engineering, architecture, and operational capabilities to make our customer’s missions execute faster, smarter, and more securely.