It is expensive not to be in compliance with GDPR

Almost a year ago, the European Union’s General Data Protection Regulation (GDPR) went into effect. The law requires any organization that stores or processes personal information about EU citizens within EU states to comply with GDPR, even if they do not have a business presence within the EU. Organizations that are found to be non-compliant can be fined up to four percent of their annual global turnover or €20 Million, whichever is greater.

 

There have been several recent high-profile cases of cybercrime, such as in the USA, where a company experienced a security breach that resulted in the theft of 143 million social security numbers. Most recently here in Denmark, several large service providers for the Danish state have experienced security breaches.

 

Now, British Airways faces a $230 Million fine for a breach in 2018 that compromised the personal information of 500,000 customers. British Airways revealed on September 6 that it had been breached and that cyber-criminals had access to the personal and financial details of customers who made bookings between August 21 and September 5. The criminals belonged to one of the Magecart groups, which specialize in web-based card skimming. The stolen data comprised customer names, postal addresses, email addresses, and credit card information.

The overall cost of the breach to British Airways will, however, be much higher. “£183m is the cost of not protecting sensitive personal information from cybercriminals and this is just the fine not including the actual costs of cleaning up or responding to the data breach,” comments Joseph Carson, chief security scientist at Thycotic, to Security Week. “The cost of doing nothing minus the cost of doing something is the cyber risk that companies are willing to take by not taking cybersecurity more seriously.”

This is the first clear indication that European data protection regulators will not be afraid to use the full power of GDPR against major companies. Organizations around the world that have been waiting to see the likely extent of GDPR enforcement need not wait any longer. GDPR fines have been purposely linked to turnover so that large companies cannot treat data protection fines as part of necessary running costs.

Cybersecurity should occupy the number one spot on any company’s priority list. Is your company prepared?

Kill-Switch offers your company the means to react quickly to a cyberattack, be it an internal or external one and regardless of whether your IDS recognizes it as a known or unknown threat. The most important parameter during a security breach is time. Several studies show that the average reaction time from detection to the initial response action is 45 minutes. Imagine what a security breach can do to your infrastructure – and thus your business – in 45 minutes!

Now imagine that your company suffers a security breach to which you can react within seconds by automatically isolating the data center, application or PC where it originated.

That is precisely what a Kill-Switch allows you to do. There is one thing that is for certain: Your company will eventually experience a security breach. And with Kill-Switch we give you back the control to protect your data and potentially avoid having to pay a fine amounting to 4% of your global turnover.