British Airways: the first major fine since the new GDPR rules came into force

As you may have read in the press earlier this week, British Airways is facing a record fine of £183 million from the Information Commissioner’s Office (ICO) after suffering a cyber attack in September last year. It is the largest fine the ICO has issued since the new General Data Protection Regulation (GDPR) rules came into effect in May 2018.

When British Airways was hit by the cyber attack in September last year, the airline took just one day to inform its customers that details from around 380,000 booking transactions had been stolen, including bank card numbers, expiry dates and CVV codes. It is understood these details were taken via a malicious script designed to steal financial information by skimming British Airways’ payment page before it was submitted. This hack allowed the attackers to see people’s details as they were entered on the page.

Although British Airways’ controlling company IAG was “surprised and disappointed” by the fine, it goes to show that the ICO is taking cyber breaches incredibly seriously, and this is no doubt something we will see more of in the future. The largest fine previously issued was £500,000.

Costly fines from the Information Commissioner’s Office (ICO)

The financial price of getting GDPR wrong is well documented, and organisations can be fined up to 4% of their turnover. Data breaches inevitably can and will happen, but an organisation that has implemented proactive risk management may be looked on favourably by regulators and protect its reputation.

This particular case highlights the fact that even if you’ve done everything possible to comply with GDPR rules you may still suffer a data theft, loss or breach.

Unfortunately, online crime is evolving, but thankfully there are solutions available to help protect your business if the worst does occur. If your business is attacked, how easy would it be to detect the source of the attack and identify what data has been compromised? How would you prevent the breach spreading and limit the damage to your reputation?

Cyber Insurance

Real Insurance are advising businesses to consider purchasing Cyber insurance. This is available to all businesses, regardless of their type and size.

Choosing the correct level of cyber cover is essential as different policies are available, some offering wider cover than others.

Cyber Crime is where the majority of claims fall, and this cover is normally an optional extra, so it is important to obtain clear advice about the cover being offered to you.

For further information, advice and a quotation, speak to one of our Cyber specialists on 0330 058 0260.