• UK businesses set to be hit by new EU cybersecurity fines

British organisations will see a huge increase in regulatory fines when new EU legislation comes into effect in 2018, the PCI Security Standards Council (PCI SSC) has warned.

Penalties for cybersecurity breaches could reach up to £122 billion when the European Union brings in new rules that will set regulatory fines at 4% of global turnover up to €20m, a huge rise from the current £500,000.


This could represent a massive cost for UK businesses as 74% of SMEs in the country, and 90% of all organisations reported a security breach last year, leading to regulatory fines which are estimated to have totalled £1.4 billion.

Under new rules, the average fine for a large organisation could reach £11 million while the average SME could look to pay out up to £13,000.

Jeremy King, international director, PCI Security Standards Council, says: "The new EU legislation will be an absolute game-changer for both large organisations and SMEs. The regulator will be able to impose a stratospheric rise in penalties for security breaches, and it remains to be seen whether businesses facing these fines will be able to shoulder the costs.

"Companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cybersecurity threat, or face the prospect of paying astronomical costs in regulatory fines and reputational harm to their brand."