Report Predicts Banks To Get €4.7bn Fines In First 3 years Under GDPR

A new report is “conservatively” forecasting that European finance organisations are about to shell out €4.7 billion in the first three years after the GDPR (General Data Protection Regulation) comes into force, thanks to data breaches which they don't currently have to declare.

Consult Hyperion, which commissioned AllClear ID to carry out the research, said in a press release, “this forecast is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.” A spokesperson for the firm said the stats were “gathered from historical data breach figures, adjusted for the size of the organisations and then the GDPR sanctions were added on top.”

To explain how the number was reached, the report says that, “based on the available data globally there were on average 514 verified breaches per year in the financial sector between 2013 and 2016. With a quarter of the world's banks in the European Union and no discernible difference in the regional pattern of reported breaches this implies there are around 128 breaches in the financial services industry each year in the EU. This is a highly conservative estimate.”

A press release from the company says, “It was assumed that breaches were at the lower end of the GDPR fine scale, which is €10 million or two percent of global annual turnover.”

When the UK Information Commissioner's Office (UK ICO) was asked its opinion on the number, a spokesperson for the governing body opined that the numbers are very much “speculative”, as there is no way to predict how many breaches there will be from May 2018 and beyond.

It's important to note that the UK ICO only governs data in the UK and has no jurisdiction in other European countries. In the year 2016/17 the ICO only issued one data protection fine to a finance firm and that was £150,000 to Royal and Sun Alliance for losing the personal information of 60,000 customers.

Finance companies can also be fined either for nuisance calls and texts, which come under different legislation, or for failing to notify the ICO.

Further analysis from Consult Hyperion suggests that, “there have been no fewer than 27 data breach incidents among Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the four percent of turnover level. This indicates an eight percent chance that any Tier 1 bank will suffer a data breach in any given year.”

Consult Hyperion says it expects to see two or three breaches of Tier 1 banks, six breaches of Tier 2 banks and a “long tail of breaches in Tier 3 financial institutions” over the next three years.

The firm concluded: “We estimate the average Tier 1 bank fine will be €260 million and the average Tier 2 bank fine at €48 million. The analysis forecasts that European banks can expect fines in the region of €4,662 million in the first three years after the introduction of GDPR.”

SC Magazine:
